README
¶
RealIP
Go package that can be used to get client's real public IP, which usually useful for logging HTTP server.
Feature
- Follows the rule of X-Real-IP
- Follows the rule of X-Forwarded-For
- Exclude local or private address
Example
package main
import "github.com/tomasen/realip"
func (h *Handler) ServeIndexPage(w http.ResponseWriter, r *http.Request, ps httprouter.Params) {
clientIP := realip.FromRequest(r)
log.Println("GET / from", clientIP)
}
Developing
Commited code must pass:
Documentation
¶
Index ¶
- Constants
- func FromRequest(r *http.Request) string
- func HeaderEquals(headerNameA string, headerNameB string) bool
- func HeaderIsForwarded(headerName string) bool
- func HeaderIsXForwardedFor(headerName string) bool
- func HeaderIsXRealIP(headerName string) bool
- func IsPrivateAddress(address string) (bool, error)
- func IsPrivateIP(ipAddress net.IP) (bool, error)
- func ParseCIDR(ipStr string) (*net.IPNet, error)
- func ParseIP(ip string) net.IP
- func PrepareTrustedCIDRs(trustedProxies []string) ([]*net.IPNet, error)
- func RealIP(r *http.Request) string
- func SetPrivateCIDRs(maxCidrBlocks ...string)
- func XRealIP(xRealIP, xForwardedFor, remoteAddr string) string
- func XRemoteIP(remoteAddr string) string
- type Config
- func (c *Config) AddRemoteIPHeader(remoteIPHeaders ...string) *Config
- func (c *Config) AddTrustedProxies(trustedProxies ...string) error
- func (c *Config) ClientIP(remoteAddress string, header func(string) string) string
- func (c *Config) IgnorePrivateIP() bool
- func (c *Config) Init() *Config
- func (c *Config) IsUnsafeTrustedProxies() bool
- func (c *Config) RemoteIP(remoteAddress string) string
- func (c *Config) SetForwardedByClientIP(forwardedByClientIP bool) *Config
- func (c *Config) SetIgnorePrivateIP(ignorePrivateIP bool) *Config
- func (c *Config) SetProxyType(proxyType string) *Config
- func (c *Config) SetRemoteIPHeaders(remoteIPHeaders ...string) *Config
- func (c *Config) SetTrustedProxies(trustedProxies []string) error
- func (c *Config) SetTrustedProxiesByEnv() error
- func (c *Config) StartWatchEnv(ctx context.Context, dur time.Duration) *Config
- func (c *Config) TrustAll() *Config
- func (c *Config) ValidateIPHeader(headerValue string, headerName string, ignorePrivateIP bool) (clientIP string, valid bool)
- func (c *Config) WatchEnvValue(ctx context.Context, dur time.Duration) error
Constants ¶
const ( HeaderXForwardedFor = "X-Forwarded-For" HeaderXRealIP = "X-Real-Ip" // RFC7239 defines a new "Forwarded: " header designed to replace the // existing use of X-Forwarded-* headers. // e.g. Forwarded: for=192.0.2.60;proto=https;by=203.0.113.43 HeaderForwarded = "Forwarded" HeaderCFConnectingIP = "Cf-Connecting-Ip" HeaderTrueClientIP = "True-Client-Ip" )
Should use canonical format of the header key s https://golang.org/pkg/net/http/#CanonicalHeaderKey
const ( ProxyCloudflare = `cloudflare` ProxyDefault = `default` )
const EnvKey = `REALIP_TRUSTED_PROXIES`
Variables ¶
This section is empty.
Functions ¶
func FromRequest ¶
FromRequest returns client's real public IP address from http request headers.
func HeaderEquals ¶ added in v0.1.3
func HeaderIsForwarded ¶ added in v0.2.1
func HeaderIsXForwardedFor ¶ added in v0.1.3
func HeaderIsXRealIP ¶ added in v0.1.3
func IsPrivateAddress ¶ added in v0.1.3
func IsPrivateIP ¶ added in v0.1.3
isPrivateIP works by checking if the address is under private CIDR blocks. List of private CIDR blocks can be seen on :
func ParseIP ¶ added in v0.1.3
parseIP parse a string representation of an IP and returns a net.IP with the minimum byte representation or nil if input is invalid.
func PrepareTrustedCIDRs ¶ added in v0.2.0
func SetPrivateCIDRs ¶ added in v0.2.3
func SetPrivateCIDRs(maxCidrBlocks ...string)
Types ¶
type Config ¶ added in v0.1.0
type Config struct {
// contains filtered or unexported fields
}
func (*Config) AddRemoteIPHeader ¶ added in v0.1.0
func (*Config) AddTrustedProxies ¶ added in v0.2.0
func (*Config) ClientIP ¶ added in v0.1.0
ClientIP implements one best effort algorithm to return the real client IP. It calls c.RemoteIP() under the hood, to check if the remote IP is a trusted proxy or not. If it is it will then try to parse the headers defined in Engine.RemoteIPHeaders (defaulting to [X-Forwarded-For, X-Real-Ip]). If the headers are not syntactically valid OR the remote IP does not correspond to a trusted proxy, the remote IP (coming from Request.RemoteAddr) is returned.
func (*Config) IgnorePrivateIP ¶ added in v0.1.0
func (*Config) IsUnsafeTrustedProxies ¶ added in v0.1.1
IsUnsafeTrustedProxies checks if Engine.trustedCIDRs contains all IPs, it's not safe if it has (returns true)
func (*Config) RemoteIP ¶ added in v0.1.0
RemoteIP parses the IP from Request.RemoteAddr, normalizes and returns the IP (without the port).
func (*Config) SetForwardedByClientIP ¶ added in v0.1.0
func (*Config) SetIgnorePrivateIP ¶ added in v0.1.0
func (*Config) SetProxyType ¶ added in v0.2.4
func (*Config) SetRemoteIPHeaders ¶ added in v0.1.0
func (*Config) SetTrustedProxies ¶ added in v0.1.0
SetTrustedProxies set a list of network origins (IPv4 addresses, IPv4 CIDRs, IPv6 addresses or IPv6 CIDRs) from which to trust request's headers that contain alternative client IP when `Config.ForwardedByClientIP` is `true`. `TrustedProxies` feature is enabled by default, and it also trusts all proxies by default. If you want to disable this feature, use Config.SetTrustedProxies(nil), then Context.ClientIP() will return the remote address directly.
Source Files