X-Forwarded-For (XFF)
If you wish to restrict check in by IP address but users are able to access the office network via a VPN this option may be for you.
The X-Forwarded-For
(XFF) request header is a de-facto standard header for identifying the originating IP address of a client connecting to a web server through a proxy server.
When a client connects directly to a server, the client's IP address is sent to the server (and is often written to server access logs). But if a client connection passes through any forward or reverse proxies, the server only sees the final proxy's IP address, which is often of little use. That's especially true if the final proxy is a load balancer which is part of the same installation as the server. So, to provide a more-useful client IP address to the server, the X-Forwarded-For
request header is used.