GameServerWeb.Plugs.RealIp (game_server_web v1.0.940)

Copy Markdown

Extracts the real client IP from proxy headers and sets conn.remote_ip.

Checks headers in priority order:

  1. CF-Connecting-IP (Cloudflare)
  2. Fly-Client-IP (Fly.io)
  3. X-Forwarded-For (generic reverse proxy — takes the last entry before the first trusted proxy, which is the most reliable position)

Only parses headers when the request comes from a known proxy address (loopback, Docker bridge, or configured trusted proxies). If the request comes directly from the internet (remote_ip is not a proxy), the headers are ignored to prevent spoofing.

Configuration

config :game_server_web, GameServerWeb.Plugs.RealIp,
  trusted_proxies: ["127.0.0.1", "::1", "172.16.0.0/12", "10.0.0.0/8"]

By default, loopback and private-range addresses are trusted.