Order of respecting IP addresses

[NoneTirex]

Past Issues Searched

• [X] I have searched open and closed issues to make sure that the bug has not yet been reported

Issue is a Bug Report

• [x] This is a bug report and not a feature request, nor asking for self-hosted support

Using official Plausible Cloud hosting or self-hosting?

Self-hosting

Describe the bug

I am using the Proxy Plausible API by Cloudflare Workers with a self-hosted Plausible instance behind Cloudflare. The Proxy Plausible API is created using dependency for next: https://github.com/4lejandrito/next-plausible

As cloudflare has it written in the documentation, it sets CF-Connecting-IP to the value 2a06:98c0:3600::103 for In cross-zone subrequests from one Cloudflare zone to another Cloudflare zone: https://developers.cloudflare.com/fundamentals/reference/http-request-headers/#cf-connecting-ip-in-worker-subrequests (and this is actually happening)

My proxy sets the X-Forwarded-For header, but by default in the Plausible code it takes CF-Connecting-IP before X-Forwarded-For the only way to fix this is to add the X-Plausible-IP header: https://github.com/plausible/analytics/blob/master/lib/plausible_web/remote_ip.ex#L18

Is it reasonable to consider CF-Connecting-IP before X-Forwarded-For?

Expected behavior

In my opinion, X-Forwarded-For should come before CF-Connecting-IP (or there should be an option to configure it). In my case, I will add X-Plausible-IP to the middleware in next, but I think it may be confusing in the future for some people. I had to debug it to figure it out.

Screenshots

No response

Environment

No response