feat: optional log from X-Real-IP header via new --log-x-real-ip option (#521)

* feat(logger): --log-x-real-ip option.
* docs: Updates for --log-x-real-ip.

docs/content/configuration/command-line-arguments.md

@@ -9,7 +9,6 @@ The server can be configured via the following command-line arguments.
 
 ```
 $ static-web-server -h
-
 A cross-platform, high-performance and asynchronous web server for static files-serving.
 
 Usage: static-web-server [OPTIONS] [COMMAND]
@@ -85,8 +84,10 @@ Options:
           Server TOML configuration file path [env: SERVER_CONFIG_FILE=] [default: ./config.toml]
       --log-remote-address [<LOG_REMOTE_ADDRESS>]
           Log incoming requests information along with its remote address if available using the `info` log level [env: SERVER_LOG_REMOTE_ADDRESS=] [default: false] [possible values: true, false]
+      --log-x-real-ip [<LOG_X_REAL_IP>]
+          Log the X-Real-IP header for remote IP information [env: SERVER_LOG_X_REAL_IP=] [default: false] [possible values: true, false]
       --log-forwarded-for [<LOG_FORWARDED_FOR>]
-          Log real IP from X-Forwarded-For header [env: SERVER_LOG_FORWARDED_FOR] [default: false] [possible values: true, false]
+          Log the X-Forwarded-For header for remote IP information [env: SERVER_LOG_FORWARDED_FOR=] [default: false] [possible values: true, false]
       --trusted-proxies <TRUSTED_PROXIES>
           A comma separated list of IP addresses to accept the X-Forwarded-For header from. Empty means trust all IPs [env: SERVER_TRUSTED_PROXIES] [default: ""]
       --redirect-trailing-slash [<REDIRECT_TRAILING_SLASH>]

docs/content/configuration/environment-variables.md

@@ -30,8 +30,11 @@ Specify a logging level in lowercase. Possible values are `error`, `warn`, `info
 ### SERVER_LOG_REMOTE_ADDRESS
 Log incoming request information along with its Remote Address (IP) if available using the `info` log level. Default `false`.
 
+### SERVER_LOG_X_REAL_IP
+Log the X-Real-IP header if available using the `info` log level. Default `false`.
+
 ### SERVER_LOG_FORWARDED_FOR
-Log real IP from X-Forwarded-For header if available using the `info` log level. Default `false`
+Log the X-Forwarded-For header if available using the `info` log level. Default `false`.
 
 ### SERVER_TRUSTED_PROXIES
 A comma separated list of IP addresses to accept the X-Forwarded-For header from. An empty string means trust all IPs. Default `""`

docs/content/features/logging.md

@@ -13,6 +13,8 @@ static-web-server \
     --log-level "trace"
 ```
 
+> Note: The log format is not well defined and is subject to change.
+
 ## Log Remote Addresses
 
 SWS provides *Remote Address (IP)* logging for every request via an `INFO` log level.
@@ -42,9 +44,28 @@ INFO static_web_server::info: log requests with remote IP addresses: enabled=tru
 INFO static_web_server::handler: incoming request: method=GET uri=/ remote_addr=192.168.1.126:57625
 INFO static_web_server::handler: incoming request: method=GET uri=/favicon.ico remote_addr=192.168.1.126:57625
 ```
-## Log Real Remote IP
 
-When used behind a reverse proxy the reported `remote_addr` indicates the proxies IP address and port, not the clients real IP.
+## Logging Client IP from X-Real-IP header
+
+Some upstream proxies will report the client's real IP address in the `X-Real-IP` header.
+
+To enable logging of the X-Real-IP header, enable the `--log-x-real-ip` option or the equivalent [SERVER_LOG_X_REAL_IP](../configuration/environment-variables.md#server_log_x_real_ip) environment variable.
+
+When enabled, the log entries will look like:
+
+```log
+INFO static_web_server::handler: incoming request: method=GET uri=/ x_real_ip=203.0.113.195
+```
+
+If the value of the `X-Real-IP` header does not parse as an IP address, no value will be logged.
+
+To restrict the logging to only requests that originate from trusted proxy IPs, you can use the `--trusted-proxies` option, or the equivalent [SERVER_TRUSTED_PROXIES](../configuration/environment-variables.md#server_trusted_proxies) env. This should be a list of IPs, separated by commas. An empty list (the default) indicates that all IPs should be trusted.
+
+## Logging Client IP from X-Forwarded-For header
+
+> Note: This header should only be trusted when you know your upstream is handling X-Forwarded-For securely and when using the `--trusted-proxies` option.
+
+When used behind a reverse proxy the reported `remote_addr` indicates the proxies IP address and port, not the client's real IP.
 The Proxy server can be configured to provide the [X-Forwarded-For header](https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Forwarded-For), containing a comma-separated list of IP addresses, starting with the *real remote client IP*, and all following intermediate proxies (if any).
 
 
@@ -52,7 +73,7 @@ To enable logging of the real remote IP, enable the `--log-forwarded-for` option
 
 Since the content of the `X-Forwarded-For` header can be changed by all proxies in the chain, the remote IP address reported may not be trusted.
 
-To restrict the logging to only trusted proxy IPs, you can use the `--trusted-proxies` option, or the equivalent [SERVER_TRUSTED_PROXIES](../configuration/environment-variables.md#server_trusted_proxies) env. This should be a list of IPs, separated by commas. An empty list (the default) indicates that all IPs should be trusted.
+To restrict the logging to only requests that originate from trusted proxy IPs, you can use the `--trusted-proxies` option, or the equivalent [SERVER_TRUSTED_PROXIES](../configuration/environment-variables.md#server_trusted_proxies) env. This should be a list of IPs, separated by commas. An empty list (the default) indicates that all IPs should be trusted.
 
 Command used for the following examples:
 ```sh