// Check statically configured blocked IPs
        final Set<String> blockedIpSet = ComponentUtil.getFessConfig().getRateLimitBlockedIpsAsSet();
        if (blockedIpSet.contains(ip)) {
            if (logger.isDebugEnabled()) {
                logger.debug("IP in static block list: ip={}", ip);
            }
            return true;
        }

        // Check dynamically blocked IPs (Cache handles expiration automatically)

		// This case is needed when all ips in the list
		// have same last octets, Following just ensures that
		// 127.0.0.1 is moved to the end of the list.
		if ipV4s[i].IsLoopback() {
			return false
		}
		if ipV4s[j].IsLoopback() {
			return true
		}
		return []byte(ipV4s[i].To4())[3] > []byte(ipV4s[j].To4())[3]
	})

	var ips []string
	for _, ip := range ipV4s {

///

### Enable Proxy Forwarded Headers { #enable-proxy-forwarded-headers }

You can start FastAPI CLI with the *CLI Option* `--forwarded-allow-ips` and pass the IP addresses that should be trusted to read those forwarded headers.

If you set it to `--forwarded-allow-ips="*"` it would trust all the incoming IPs.

If your **server** is behind a trusted **proxy** and only the proxy talks to it, this would make it accept whatever is the IP of that **proxy**.

///

### 啟用代理轉發標頭 { #enable-proxy-forwarded-headers }

你可以在啟動 FastAPI CLI 時使用「CLI 選項」`--forwarded-allow-ips`，並傳入允許解析這些轉發標頭的受信任 IP 位址。

如果將其設為 `--forwarded-allow-ips="*"`，就會信任所有進來的 IP。

如果你的「伺服器」位於受信任的「代理」之後，且只有代理會與它通訊，這樣會讓它接受該「代理」的任何 IP。

<div class="termy">

```console
$ fastapi run --forwarded-allow-ips="*"

<span style="color: green;">INFO</span>:     Uvicorn running on http://127.0.0.1:8000 (Press CTRL+C to quit)
```

		}

		if net.ParseIP(host) != nil {
			// For IP only setups there is no need for DNS lookups.
			return baseDialCtx(ctx, "tcp", addr)
		}

		ips, err := lookupHost(ctx, host)
		if err != nil {
			return nil, err
		}

		for _, ip := range ips {
			conn, err = baseDialCtx(ctx, "tcp", net.JoinHostPort(ip, port))
			if err == nil {
				break
			}
		}

		return conn, err
	}

FastAPI CLI를 *CLI 옵션* `--forwarded-allow-ips`로 실행하고, 전달 헤더를 읽을 수 있도록 신뢰할 IP 주소들을 넘길 수 있습니다.

`--forwarded-allow-ips="*"`로 설정하면 들어오는 모든 IP를 신뢰합니다.

**서버**가 신뢰할 수 있는 **프록시** 뒤에 있고 프록시만 서버에 접근한다면, 이는 해당 **프록시**의 IP가 무엇이든 간에 받아들이게 됩니다.

<div class="termy">

```console
$ fastapi run --forwarded-allow-ips="*"

///

### 启用代理转发的请求头 { #enable-proxy-forwarded-headers }

你可以用 *CLI 选项* `--forwarded-allow-ips` 启动 FastAPI CLI，并传入应该被信任、允许读取这些转发请求头的 IP 地址列表。

如果设置为 `--forwarded-allow-ips="*"`，就会信任所有来源 IP。

如果你的**服务器**位于受信任的**代理**之后，并且只有代理会与它通信，这将使其接受该**代理**的任何 IP。

<div class="termy">

```console
$ fastapi run --forwarded-allow-ips="*"

### プロキシ転送ヘッダーを有効化 { #enable-proxy-forwarded-headers }

FastAPI CLI を *CLI オプション* `--forwarded-allow-ips` 付きで起動し、転送ヘッダーを信頼して読んでよい IP アドレスを指定できます。

`--forwarded-allow-ips="*"` とすると、すべての送信元 IP を信頼します。

**サーバー** が信頼できる **プロキシ** の背後にあり、そのプロキシからのみ接続される場合、プロキシの IP を受け入れるようになります。

<div class="termy">

```console
$ fastapi run --forwarded-allow-ips="*"

For example, if the **application server** is only receiving communication from the trusted **proxy**, you can set it to `--forwarded-allow-ips="*"` to make it trust all incoming IPs, as it will only receive requests from whatever is the IP used by the **proxy**.

            return;
        }

        chain.doFilter(request, response);
    }

    /**
     * Send a 403 Forbidden response for blocked IPs.
     * @param response the HTTP response
     * @throws IOException if an I/O error occurs
     */
    protected void sendBlockedResponse(final HttpServletResponse response) throws IOException {