Tell the api to use a custom header for the IP address. Only used if behindProxy is true.
If you for example are behind a Cloudflare proxy, you can set this to CF-Connecting-IP.
Remember that this header can be spoofed, so its recommended to tell your proxy
or firewall to only allow (for example) Cloudflare IP addresses.
If this is not possible, you can use the trustedProxies and trustedProxiesUrls options.
Get the proxy IP address from an arbitrary header.
Useful if you have setups like User -> Cloudflare -> Proxy -> Server.
If left empty, the request IP will be used.
IPv6 address length to be stripped from the end in bytes. This has implications on logging and rate limiting. As many providers do handout IPv6 addresses with a /64 prefix, we recommend setting this to 8, which will remove the last 16 characters.
Example: abcd:abcd:abcd:abcd:abcd:abcd:abcd:abcd -> abcd:abcd:abcd:abcd:0000:0000:0000:0000
If you set this to 0, the full IPv6 address will be logged, and rate limited. Can not be higher than 16. (Which would strip the whole address, why would you do that?)
Trust only the IP header if the request originates from one of the following ip addresses.
Cache downloaded proxy IP addresses for this amount of seconds.
Trust only the IP header if the request originates from one of the following urls.
The urls should return a list of ip addresses separated by a newline.
If set the trustedProxies option will be ignored.
If the api is running behind a proxy, set this to true. This will make the app trust the X-Forwarded-For header.