Rate-limiting is a vital security practice in our applications. For logged-in users, it's easy to limit per user and be very granular. But we also need to protect sensitive routes, like our login flow, from abuse by unauthenticated users. Since we don't yet have a user identified, a common approach is to rate limit using the IP address, but that presents a wrinkle: What if our app is hosted behind a tool like Cloudflare that proxies all user traffic? In today's video, I'll show how we can set up our `TrustProxies` middleware to trust Cloudflare, but not open it up to the world.
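To make the difference concrete, here is an added example (not code from the video or from Laravel) that models in plain PHP how the client IP used as a rate-limit key is resolved from `X-Forwarded-For` under a trust-everything setting versus an explicit proxy allow-list. The function names are hypothetical, the model is IPv4 only, treats `'*'` as "trust whichever peer connected", and uses the documentation range `198.51.100.0/24` as a placeholder for the proxy's published ranges.

```php
<?php
// Added example: simplified model of trusted-proxy resolution. All addresses are constructed.

function inCidr(string $ip, string $cidr): bool
{
    [$net, $bits] = explode('/', $cidr) + [1 => '32'];
    if (ip2long($ip) === false || ip2long($net) === false) {
        return false;
    }
    $mask = (int) $bits === 0 ? 0 : (~0 << (32 - (int) $bits)) & 0xFFFFFFFF;
    return (ip2long($ip) & $mask) === (ip2long($net) & $mask);
}

function clientIp(string $peer, ?string $xff, array $trusted): string
{
    // Model assumption: '*' means "trust whichever peer connected".
    if (in_array('*', $trusted, true)) {
        $trusted = ["$peer/32"];
    }
    $isProxy = fn (string $ip): bool =>
        (bool) array_filter($trusted, fn ($cidr) => inCidr($ip, $cidr));

    if ($xff === null || !$isProxy($peer)) {
        return $peer; // header ignored: the peer is not a trusted proxy
    }
    $hops = array_filter(
        array_map('trim', explode(',', $xff)),
        fn ($h) => filter_var($h, FILTER_VALIDATE_IP, FILTER_FLAG_IPV4) !== false
    );
    // Right to left: the first hop that is not a trusted proxy is the client.
    foreach (array_reverse($hops) as $hop) {
        if (!$isProxy($hop)) {
            return $hop;
        }
    }
    return $peer;
}

$allowList = ['198.51.100.0/24']; // placeholder for the proxy's published ranges
$cases = [
    'via proxy'                          => ['198.51.100.7', '203.0.113.50'],
    'via proxy, client sent its own XFF' => ['198.51.100.7', '10.1.2.3, 203.0.113.50'],
    'direct to origin, header supplied'  => ['192.0.2.66', '10.1.2.3'],
];
foreach ($cases as $name => [$peer, $xff]) {
    printf("%-36s trust-all=%-14s allow-list=%s\n", $name,
        clientIp($peer, $xff, ['*']), clientIp($peer, $xff, $allowList));
}
```

The two settings differ only in the last case: when a request reaches the origin without passing through the proxy, the trust-all setting keys the rate limit on the header value the sender chose, while the allow-list keys it on the connecting address.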











