Documentation ¶
Overview ¶
Package forwarded offers a decorator for http.Handler that parses Forwarded header (RFC7239) or individual X-Forwarded-For and X-Forarded-Protocol-alike headers and updates http.Request with the detected IP address and protocol. The headers are accepted from the list of trusted IP addresses/networks only.
When IP address is parsed from the configured header, the request.RemoteAddr is updated with the addess and fake port "65535", since http.Request defines that the port has to be present.
When https is detected, but the request doesn't contain TLS information, an empty tls.ConnectionState is attached to the http.Request. Obviously, it doesn't contain any information about encryption and certificates, but could serve as an indicator that some encryption is astually in place.
When http is detected, Request.TLS is reset to nil to indicate that no encryption was used.
In addition, IPNets ipmlements a slice of net.IPNet values with the ability to parse comma-delimited IPv4 and IPv6 addresses and CIDR networks (optionally using flag package) and then check if individual net.IP is matching any of these networks
Index ¶
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
This section is empty.
Types ¶
type IPNets ¶
IPNets is a slice of net.IPNet
type Wrapper ¶
type Wrapper struct { AllowedNets IPNets // A slice of networks that are allowed to set the *Forwarded* headers AllowEmptySrc bool // Trust empty remote address (for example, Unix Domain Sockets) ParseForwarded bool // Parse Forwarded (rfc7239) header. If set to true, other headers are ignored ForHeader string // A header with the actual IP address[es] (For example, "X-Forwarded-For") ProtocolHeader string // A header with the protocol name (http or https. For example "X-Forwarded-Protocol") }
Wrapper is a configuration structure for the Handler wrapper