asobi_peer (asobi v0.35.4)
View SourceClient-IP extraction shared across HTTP and WebSocket entry points, used as the rate-limiter key.
By default this returns cowboy_req:peer/1 (the socket peer). When the engine
runs behind a trusted reverse proxy (Traefik/ingress/LB), the socket peer is
the proxy, so every client collapses into one rate-limit bucket. Configure the
proxy's address range so the real client is read from X-Forwarded-For:
{asobi, [{trusted_proxies, [~"10.0.0.0/8", ~"::1/128"]}]}X-Forwarded-For is honored ONLY when the socket peer is itself within a
configured trusted range; otherwise it is ignored (an untrusted client must
not be able to choose its own rate-limit key). With no trusted_proxies
configured, behavior is identical to reading the socket peer directly.
Summary
Functions
-spec client_ip(cowboy_req:req() | map()) -> binary().