Node-ddos will use the first IP address added to X-Forwarded-For, and this can be easily spoofed by the sender. You would usually want to use an entry which is added by a proxy you trust, which would probably be the last entry added. It would be great if it was possible to configure which X-Forwarded-For entry to use.
Output from testmode when getting a request with 'X-Forwarded-For: 1.1.1.1, 2.2.2.2':
ddos: handle: beginning: {}
host: 1.1.1.1
ddos: handle: end: { '1.1.1.1#curl/7.47.0': { count: 1, expiry: 1 } }
Node-ddos will use the first IP address added to X-Forwarded-For, and this can be easily spoofed by the sender. You would usually want to use an entry which is added by a proxy you trust, which would probably be the last entry added. It would be great if it was possible to configure which X-Forwarded-For entry to use.
Output from testmode when getting a request with 'X-Forwarded-For: 1.1.1.1, 2.2.2.2':