-
Notifications
You must be signed in to change notification settings - Fork 4
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
taken account of X-Forwarded-For header #88
Comments
There's also the |
We are not going to take |
Another algo for selecting IP: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Forwarded-For#selecting_an_ip_address |
https://github.com/realclientip/realclientip-go written by the person who wrote https://adam-p.ca/blog/2022/03/x-forwarded-for/ |
What: - Create middleware that adds the real client IP address Note that this is on a best effort basis. Finding the true client IP address is a precarious process[1] Why: - Fixes: #88 Ref: 1. https://adam-p.ca/blog/2022/03/x-forwarded-for/
everywhere we are using
request.RemoteAddr
[1]; we should first check ifX-Forwarded-For
[2] exists and use that instead. Then fall back torequest.RemoteAddr
.See[3] for how
golang/pkgsite
does it. Also how they do ratelimiting is interesting[4]The text was updated successfully, but these errors were encountered: