forwarded

package module
v0.0.0-...-9ab0287 Latest
Warning

This package is not in the latest version of its module.

Published: Sep 5, 2015 License: MIT Imports: 6 Imported by: 3

README

go-forwarded


Description

forwarded is a Go decorator/wrapper for http.Handler that parses the X-Forwarded-For and X-Forwarded-Protocol headers and updates http.Request.RemoteAddr and http.Request.TLS of the passing request accordingly.

It supports arbitrarily named individual headers and the RFC 7239 Forwarded header.

Usage example

Extremely simplified example:

package main

import (
	"fmt"
	"log"
	"net/http"

	"github.com/stanvit/go-forwarded"
)

// simpleHandler reports the address and TLS state as rewritten by the wrapper.
func simpleHandler(w http.ResponseWriter, r *http.Request) {
	w.Header().Set("Content-Type", "text/plain")
	w.WriteHeader(http.StatusOK)
	fmt.Fprintf(w, "Requesting IP is %v\nHTTPS: %t\n", r.RemoteAddr, r.TLS != nil)
}

func main() {
	// Only peers in 192.168.0.0/16 or 127.0.0.1 may set the forwarding headers.
	wrapper, err := forwarded.New("192.168.0.0/16, 127.0.0.1", false, false, "X-Forwarded-For", "X-Forwarded-Protocol")
	if err != nil {
		log.Fatal(err)
	}
	handler := wrapper.Handler(http.HandlerFunc(simpleHandler))
	http.Handle("/", handler)
	log.Fatal(http.ListenAndServe(":8082", nil))
}

$ curl -H 'X-Forwarded-For: 1.2.3.4' -H 'X-Forwarded-Protocol: https' -v http://127.0.0.1:8082
* Rebuilt URL to: http://127.0.0.1:8082/
* Hostname was NOT found in DNS cache
*   Trying 127.0.0.1...
* Connected to 127.0.0.1 (127.0.0.1) port 8082 (#0)
> GET / HTTP/1.1
> User-Agent: curl/7.35.0
> Host: 127.0.0.1:8082
> Accept: */*
> X-Forwarded-For: 1.2.3.4
> X-Forwarded-Protocol: https
> 
< HTTP/1.1 200 OK
< Content-Type: text/plain
< Date: Sat, 05 Sep 2015 01:16:15 GMT
< Content-Length: 43
< 
Requesting IP is 1.2.3.4:65535
HTTPS: true
* Connection #0 to host 127.0.0.1 left intact

API documentation

API documentation is available at GoDoc.

Documentation

Overview

Package forwarded offers a decorator for http.Handler that parses the Forwarded header (RFC 7239) or individual X-Forwarded-For and X-Forwarded-Protocol-like headers and updates http.Request with the detected IP address and protocol. The headers are accepted only when the request comes from one of the trusted IP addresses/networks.

When an IP address is parsed from the configured header, request.RemoteAddr is updated with that address and the fake port "65535", since http.Request defines that the port has to be present.

When https is detected but the request doesn't contain TLS information, an empty tls.ConnectionState is attached to the http.Request. Obviously, it doesn't contain any information about encryption and certificates, but it could serve as an indicator that some encryption is actually in place.

When http is detected, Request.TLS is reset to nil to indicate that no encryption was used.

In addition, IPNets implements a slice of net.IPNet values with the ability to parse comma-delimited IPv4 and IPv6 addresses and CIDR networks (optionally using the flag package) and then check whether an individual net.IP matches any of these networks.
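The trust gate described in this overview, as an added stdlib-only sketch that is not the package's own code: the header is honoured only when the TCP peer is in the trusted list, and the rewritten address gets the fake port 65535. The names trusted, wrap and probe, the sample addresses, and the choice of the rightmost X-Forwarded-For entry are assumptions of this example; the page does not say which entry the package uses.

```go
package main

import (
	"fmt"
	"net"
	"net/http"
	"net/http/httptest"
	"strings"
)

// trusted reports whether the TCP peer (never a header value) is in the allow list.
func trusted(nets []*net.IPNet, remoteAddr string) bool {
	host, _, _ := net.SplitHostPort(remoteAddr)
	ip := net.ParseIP(host) // nil for an empty or malformed peer address
	for _, n := range nets {
		if ip != nil && n.Contains(ip) {
			return true
		}
	}
	return false
}

// wrap rewrites RemoteAddr only for trusted peers. Assumption of this sketch: the
// rightmost X-Forwarded-For hop, the one the trusted proxy appended, is the one used.
func wrap(nets []*net.IPNet, next http.Handler) http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		if trusted(nets, r.RemoteAddr) {
			hops := strings.Split(r.Header.Get("X-Forwarded-For"), ",")
			if ip := net.ParseIP(strings.TrimSpace(hops[len(hops)-1])); ip != nil {
				r.RemoteAddr = net.JoinHostPort(ip.String(), "65535") // fake port
			}
		}
		next.ServeHTTP(w, r)
	})
}

// probe sends one constructed request from peer and returns the address the handler saw.
func probe(peer, xff string) (seen string) {
	_, lan, _ := net.ParseCIDR("192.168.0.0/16") // trusted network from the README example
	req := httptest.NewRequest("GET", "http://example.test/", nil)
	req.RemoteAddr = peer
	req.Header.Set("X-Forwarded-For", xff)
	next := http.HandlerFunc(func(_ http.ResponseWriter, r *http.Request) { seen = r.RemoteAddr })
	wrap([]*net.IPNet{lan}, next).ServeHTTP(httptest.NewRecorder(), req)
	return seen
}

func main() {
	fmt.Println(probe("192.168.1.10:40000", "1.2.3.4")) // peer is a trusted proxy
	fmt.Println(probe("203.0.113.7:40000", "1.2.3.4"))  // direct client, header ignored
}
```

Anything downstream that uses RemoteAddr for rate limiting, allow lists or audit logs inherits this trust decision, so the trusted list should contain only the proxies that actually front the service.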

Types

type IPNets

type IPNets []net.IPNet

IPNets is a slice of net.IPNet

func (IPNets) Contains

func (nets IPNets) Contains(ip net.IP) bool

Contains returns true if ip matches any of the networks stored in IPNets.

func (*IPNets) Set

func (nets *IPNets) Set(param string) error

Set parses the supplied comma-delimited list of IPv4 or IPv6 IPs and CIDR networks into IPNets. Together with String, it implements the flag.Value interface, so it's possible to parse command-line parameters directly into *IPNets.

func (*IPNets) String

func (nets *IPNets) String() string

String returns a string with comma-delimited CIDR representations of the networks stored in IPNets. Together with Set, it implements the flag.Value interface, so it's possible to parse command-line parameters directly into *IPNets.

type Wrapper

type Wrapper struct {
	AllowedNets    IPNets // A slice of networks that are allowed to set the *Forwarded* headers
	AllowEmptySrc  bool   // Trust empty remote address (for example, Unix Domain Sockets)
	ParseForwarded bool   // Parse Forwarded (rfc7239) header. If set to true, other headers are ignored
	ForHeader      string // A header with the actual IP address[es] (For example, "X-Forwarded-For")
	ProtocolHeader string // A header with the protocol name (http or https. For example "X-Forwarded-Protocol")
}

Wrapper is a configuration structure for the Handler wrapper.

func New

func New(nets string, allowEmpty, parseForwarded bool, forHeader, protocolHeader string) (wrapper *Wrapper, err error)

New parses a comma-separated list of IP addresses and/or CIDR subnets and returns a configured *Wrapper.

func (*Wrapper) Handler

func (wrapper *Wrapper) Handler(h http.Handler) http.Handler

Handler offers a decorator for an http.Handler. It analyses incoming requests and, if the source IP matches the trusted IP/nets list, updates the request with IP address and encryption information.
