You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
if realIP != "" should be if realIP == ""
because ultimately the logic that exists now is when you have real and direct ip it will return direct and not real
Checklist
[ x] Dependencies installed
[ x] No typos
[ x] Searched existing issues and docs
Expected behaviour
when x-real-ip is present the IPExtractor should return that ip instead of the directIP from RemoteAddr
Actual behaviour
ExtractIPFromRealIPHeader returns RemoteAddr if both RemoteAddr and x-real-ip exist
Steps to reproduce
Working code to debug
package main
funcmain() {
}
Version/commit
The text was updated successfully, but these errors were encountered:
Hi @georgekarrv ,
In this case, directIP does not need to be parsed and trusted. Because directIP is always in a valid ip format. But realIP is a plain text value that taken from X-Real-IP header. So realIP needs parsing and trust checks instead of directIP.
The code block below will fix this erroneous situation.
// ExtractIPFromRealIPHeader extracts IP address using x-real-ip header.// Use this if you put proxy which uses this header.funcExtractIPFromRealIPHeader(options...TrustOption) IPExtractor {
checker:=newIPChecker(options)
returnfunc(req*http.Request) string {
directIP:=ExtractIPDirect()(req)
realIP:=req.Header.Get(HeaderXRealIP)
ifrealIP!="" {
ifip:=net.ParseIP(realIP); ip!=nil&&checker.trust(ip) {
returnrealIP
}
}
returndirectIP
}
}
ExtractIPFromRealIPHeader returns realIP when realIP is a valid and trusted ip otherwise returns directIP.
Issue Description
ExtractIPFromRealIPHeader does not return what was found in x-real-ip
echo/ip.go
Line 98 in a97052e
if realIP != ""
should beif realIP == ""
because ultimately the logic that exists now is when you have real and direct ip it will return direct and not real
Checklist
Expected behaviour
when x-real-ip is present the IPExtractor should return that ip instead of the directIP from RemoteAddr
Actual behaviour
ExtractIPFromRealIPHeader returns RemoteAddr if both RemoteAddr and x-real-ip exist
Steps to reproduce
Working code to debug
Version/commit
The text was updated successfully, but these errors were encountered: