Help understanding HTTP_X_FORWARDED_FOR


My self hosted, behind a reverse proxy nextcloud was blocked because of Brute Force Protection. Unblocking it was easy by tweaking the database, but I’d like to avoid that.

I have not set up HTTP_X_FORWARDED_FOR, yet. There’s at least one thing that I don’t understand: in which http server (both apache in my case) do I need to set up the remoteip module? In the reverse proxy or on the machine behind the proxy that hosts my nextcloud instance?

Ok, this might be a really dumb question. I suspect that I have to set it up on the proxy, but I’m not sure and I don’t see it in any documentation…

Could someone with reverse-proxy experience help me, please?