Client IP authentication behind a proxy

[boamaod]

In a commit 0867599 checking X-Forwarded-For as part of client IP authentication was removed and after that also README states that:

Note: this auth method will not work if your IP address (such as 127.0.0.1 etc) is not allocated for public networks.

Do I understand correctly that this is mostly for simplifying and unifying the authentication code and does not mean to imply that running behind a proxy excludes client IP authentication? Or is there a reason for a proxy not to forward X-Real-Ip header to make client IP authentication work?

If not, maybe also the README should suggest configuring forwarded headers to make X-Real-Ip directly accessible or handle authentication in custom function, because otherwise it gives an impression that rate limiting behind proxy is not meant to work because of some inherent reason that makes it impossible. Or am I missing the point here?

[abersheeran]

X-Forwarded-For is easy to be forged, and the implementation of X-Real-IP in each proxy server is more secure. So the built-in Client IP function removes the judgment of X-Forwarded-For.

[abersheeran]

By the way, you are welcome to initiate a pull request to improve the documentation together.