The value in question is the one available as request.META.get('HTTP_X_REAL_IP')
(Django).
Can I be sure that the HTTP or HTTPS request was sent from this address, or that value can tampered with by an adversary?
For instance, do you set it from IP datagram Source Address field, or from any other source?
Background: I would like to process POST request only from IPs of x.y.z.0-255. So if I could reliably filter by client IP, it would be great.