Eric_Lian Part of the reason that we added the ProcessIp Middleware was actually so that handling proxy IPs via the X-Fowards headers in the future would be easier without breaking extensions.
However in actually attempting to design/implement that logic no one could come to a consensus on exactly the best way to implement it, or which of the many various Proxy headers to follow. Notably there is both the X-Fowarded-For
header, and the Via
header. Both of which do basically the same thing, but one is older than the other. And there were also library issues in which we couldn't find any good libraries to do this for us.
You can see the original attempt at handling proxy IPs at flarum/framework2778
One of the things you'll note is that it lacks proxy validation. And also doesn't have Via
header support.
I think what we need to move further on it would be an actual set of expectations, an idea of how to properly implement it, and known best practices.