I remember back in the 90s that Squid was adding this header while acting as a forward proxy. This header was sent across the internet years before someone have ever dreamed of the concept of a "reverse" proxy. I have not fact-checked but I am pretty sure it is older than IPv6 and the original standard was to add this header at the origin and send it across the whole internet.
One thing to add, never trust this header. Anyone can set this header contents to anything. If setting a real-ip header inside your data-center, use a custom header and drop it at the ingress so people can not falsify their IP. If logging X-Forwarded-For, log in addition to and not instead of the remote_addr otherwise you will get smart-asses like me being logged as "chuck-norris".
Never trust it past your infrastructure. If you have, say, Cloudflare in front of a GCP load balancer you can trust two hops and need to configure your logging accordingly.
I remember back in the 90s that Squid was adding this header while acting as a forward proxy. This header was sent across the internet years before someone have ever dreamed of the concept of a "reverse" proxy. I have not fact-checked but I am pretty sure it is older than IPv6 and the original standard was to add this header at the origin and send it across the whole internet.
One thing to add, never trust this header. Anyone can set this header contents to anything. If setting a real-ip header inside your data-center, use a custom header and drop it at the ingress so people can not falsify their IP. If logging X-Forwarded-For, log in addition to and not instead of the remote_addr otherwise you will get smart-asses like me being logged as "chuck-norris".
Never trust it past your infrastructure. If you have, say, Cloudflare in front of a GCP load balancer you can trust two hops and need to configure your logging accordingly.