Documentation
¶
Overview ¶
clientip remote-client-ip determination which handles complex issues around the X-Forwarded-For header, as described here: https://adam-p.ca/blog/2022/03/x-forwarded-for/
Index ¶
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
func GetClientIP ¶
func GetClientIP(req *http.Request, trustXFF bool, trustedProxies *TrustedProxies) string
GetClientIP determines the real client IP address from an HTTP request, following best practices for X-Forwarded-For handling.
- If trustXFF is false, always use the direct remote address.
- If trustXFF is true, concatenate all X-Forwarded-For header values, walk from right to left, skipping over any IPs in trustedProxies, and return the first untrusted IP. If all IPs are trusted, fall back to RemoteAddr.
- The remote address's host part is always extracted with net.SplitHostPort if possible.
This function is suitable for use in environments where your app is only reachable via trusted proxies. Never set trustXFF=true if your app is internet-facing.
Types ¶
type TrustedProxies ¶
type TrustedProxies struct {
// contains filtered or unexported fields
}
TrustedProxies holds a list of trusted proxy networks.
func NewTrustedProxies ¶
func NewTrustedProxies(cidrList string) *TrustedProxies
NewTrustedProxies parses a comma-separated list of CIDR blocks and returns a TrustedProxies struct. Invalid CIDRs are skipped.
func (*TrustedProxies) IsTrusted ¶
func (tp *TrustedProxies) IsTrusted(ip string) bool
IsTrusted returns true if ip is in any of the trusted proxy networks.
Source Files