fix: prioritize proxy headers for rate limiting

Check X-Forwarded-For and X-Real-IP headers before peer info to correctly
identify clients behind reverse proxies. Previously, rate limiting would
apply globally when behind Caddy/nginx because all requests appeared to
come from the proxy's IP address.

This fix is critical for production deployments behind reverse proxies.

0 files changed, 0 insertions, 0 deletions