
Add support for x-forwarded-for header #428

Closed
davidecoccia opened this issue Jan 2, 2024 · 4 comments

Comments

@davidecoccia

The rate-limiting feature is not working when the flask app runs behind a reverse proxy.
In my configuration I have an Apache reverse proxy in front of my Flask app running gunicorn. get_remote_address() in https://github.com/alisaifee/flask-limiter/blob/master/flask_limiter/util.py only considers the caller address, which in my case is always the proxy one.

Expected Behaviour

Update the method or add a new one to consider the proxied IP. This can be done using flask.headers, like so

```python
from flask import request

# Use the first X-Forwarded-For header value when present, otherwise the peer address.
if request.headers.getlist("X-Forwarded-For"):
    ip = request.headers.getlist("X-Forwarded-For")[0]
else:
    ip = request.remote_addr
```
@alisaifee
Owner

This is documented here

@davidecoccia
Author

The method provided in the docs works with werkzeug, which is not recommended for production use. For example, I am using Apache + gunicorn and that configuration does not work for me

@alisaifee
Owner

The example I shared adds a middleware from werkzeug which should work with a flask application regardless of which wsgi server you are using to run your app in production. The link you shared is regarding the wsgi server provided by werkzeug for development use (which is not recommended for production).

@alisaifee
Owner

@davidecoccia I'm going to close this for now - the inclusion of a default get_remote_address was a mistake in the initial release of the extension and has really just been kept around as an example. In any real world application you should be explicitly implementing your own.
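Added example, not code from flask-limiter, werkzeug or either participant: a standalone re-implementation of what the werkzeug middleware the owner points to (ProxyFix with x_for=N) does to REMOTE_ADDR, placed next to the "take the leftmost X-Forwarded-For entry" approach from the opening post so the difference shows on constructed requests. It also serves as the "implement your own" key-function input the owner recommends: once the middleware has run, a key function that returns request.remote_addr sees the client rather than the proxy, regardless of the WSGI server. The trusted_proxies allowlist is an extra check of my own that ProxyFix does not perform; the addresses, proxy topology and function names are assumptions for illustration.

```python
"""Client address resolution behind a reverse proxy, for a rate-limit key.

Standalone illustration (not werkzeug's ProxyFix nor flask-limiter code) of
trusting X-Forwarded-For only as far as our own proxies wrote it.
"""
from typing import Dict, Iterable, Optional

Environ = Dict[str, str]


def naive_client_ip(environ: Environ) -> str:
    """Leftmost X-Forwarded-For entry, else the TCP peer (the issue's approach).

    The leftmost entry is whatever the client itself sent, so any caller can
    choose the rate-limit bucket it lands in by adding the header.
    """
    first = environ.get("HTTP_X_FORWARDED_FOR", "").split(",")[0].strip()
    return first or environ["REMOTE_ADDR"]


def trusted_client_ip(
    environ: Environ,
    trusted_hops: int = 1,
    trusted_proxies: Optional[Iterable[str]] = None,
) -> str:
    """Client address as appended by the outermost of our own proxies.

    trusted_hops is the number of reverse proxies in front of the app (the
    ProxyFix x_for value). Each appends exactly one address, so the reliable
    value sits trusted_hops entries from the *right*; anything further left
    came from an untrusted party. trusted_proxies (an assumption of this
    example, not something ProxyFix checks) ignores the header entirely when
    the TCP peer is not one of our proxies, i.e. the request bypassed them.
    """
    peer = environ["REMOTE_ADDR"]
    if trusted_proxies is not None and peer not in set(trusted_proxies):
        return peer
    raw = environ.get("HTTP_X_FORWARDED_FOR", "")
    hops = [h.strip() for h in raw.split(",") if h.strip()]
    if trusted_hops < 1 or len(hops) < trusted_hops:
        # Header missing or shorter than the proxy chain: do not guess.
        return peer
    return hops[-trusted_hops]


class TrustedProxyMiddleware:
    """WSGI middleware rewriting REMOTE_ADDR, as ProxyFix(x_for=N) does.

    Wrap app.wsgi_app with it; afterwards request.remote_addr (and a key
    function returning it) sees the client, under gunicorn or any WSGI server.
    """

    def __init__(self, app, trusted_hops: int = 1,
                 trusted_proxies: Optional[Iterable[str]] = None):
        self.app = app
        self.trusted_hops = trusted_hops
        self.trusted_proxies = None if trusted_proxies is None else frozenset(trusted_proxies)

    def __call__(self, environ, start_response):
        environ["REMOTE_ADDR"] = trusted_client_ip(environ, self.trusted_hops, self.trusted_proxies)
        return self.app(environ, start_response)


def address_seen_by_app(environ: Environ, trusted_hops: int = 1, trusted_proxies=None) -> str:
    """Push one request through the middleware; return the REMOTE_ADDR the app saw."""
    seen = {}

    def app(env, start_response):
        seen["addr"] = env["REMOTE_ADDR"]
        start_response("200 OK", [("Content-Type", "text/plain")])
        return [b"ok"]

    wrapped = TrustedProxyMiddleware(app, trusted_hops, trusted_proxies)
    list(wrapped(dict(environ), lambda status, headers: None))
    return seen["addr"]


# Constructed requests using documentation address ranges, not captured traffic.
PROXIES = {"10.0.0.2"}  # assumed address of the Apache reverse proxy
# Client 203.0.113.7 forges "X-Forwarded-For: 1.1.1.1"; the proxy appends the
# real peer before forwarding to gunicorn.
VIA_PROXY = {"REMOTE_ADDR": "10.0.0.2", "HTTP_X_FORWARDED_FOR": "1.1.1.1, 203.0.113.7"}
# Same forged header, but the caller reached the app port directly.
DIRECT = {"REMOTE_ADDR": "198.51.100.9", "HTTP_X_FORWARDED_FOR": "203.0.113.7"}

if __name__ == "__main__":
    print("naive via proxy  :", naive_client_ip(VIA_PROXY))                # forged value
    print("trusted via proxy:", trusted_client_ip(VIA_PROXY, 1, PROXIES))
    print("naive direct     :", naive_client_ip(DIRECT))                   # forged value
    print("trusted direct   :", trusted_client_ip(DIRECT, 1, PROXIES))
```

The two things to get right in production are the hop count (one per proxy that actually appends to the header; too high and you trust a client-chosen value, too low and every client shares the proxy's bucket) and making sure the app port is reachable only from those proxies, which is what the allowlist above approximates in code.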
