-
Notifications
You must be signed in to change notification settings - Fork 10
/
request_address.go
75 lines (63 loc) · 1.9 KB
/
request_address.go
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
package ginbump
import (
"net"
"net/http"
"strings"
)
// Originally from: https://github.com/sebest/xff/blob/master/xff.go
var privateMasks = func() []net.IPNet {
masks := []net.IPNet{}
for _, cidr := range []string{"10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "fc00::/7"} {
if _, network, err := net.ParseCIDR(cidr); err != nil {
panic(err)
} else {
masks = append(masks, *network)
}
}
return masks
}()
// IsPublicIP returns true if the given IP can be routed on the Internet
func IsPublicIP(ip net.IP) bool {
if !ip.IsGlobalUnicast() {
return false
}
for _, mask := range privateMasks {
if mask.Contains(ip) {
return false
}
}
return true
}
// ParseForwarded parses the value of the X-Forwarded-For Header and returns the
// IP address.
func ParseForwarded(ipList string) string {
for _, ip := range strings.Split(ipList, ",") {
ip = strings.TrimSpace(ip)
if parsed := net.ParseIP(ip); parsed != nil && IsPublicIP(parsed) {
return ip
}
}
return ""
}
// GetRequesterAddress does a best effort lookup for the real IP address of the
// requester. Many load balancers (such as AWS's ELB) set a X-Forwarded-For
// header which can be used to determine the IP address of the client when the
// server is behind a load balancer.
//
// It is possible however for the client to spoof this header if the load
// balancer is not configured to remove it from the request or if the server is
// accessed directly.
//
// For uses such as rate limitting, only use this function if you can trust that
// the load balancer will strip the header from the client and that the server
// will not be directly accessible by the public (only though the load
// balancer).
func GetRequesterAddress(r *http.Request) string {
if xff := r.Header.Get("X-Forwarded-For"); xff != "" {
return ParseForwarded(xff)
}
if ip, _, err := net.SplitHostPort(r.RemoteAddr); err == nil {
return ip
}
return ""
}