clientip

package
v0.27.1 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Feb 5, 2026 License: Apache-2.0 Imports: 9 Imported by: 0

Documentation

Index

Constants

This section is empty.

Variables

View Source 
var (
	ErrInvalidIpAddress      = errors.New("invalid ip address")
	ErrUnspecifiedIpAddress  = errors.New("unspecified ip address")
	ErrRemoteAddress         = errors.New("remote address resolver")
	ErrSingleIPHeader        = errors.New("single ip header resolver")
	ErrLeftmostNonPrivate    = errors.New("leftmost non private resolver")
	ErrRightmostNonPrivate   = errors.New("rightmost non private resolver")
	ErrRightmostTrustedCount = errors.New("rightmost trusted count resolver")
	ErrRightmostTrustedRange = errors.New("rightmost trusted range resolver")
)

Functions

func AddressesAndRangesToIPNets 

func AddressesAndRangesToIPNets(ranges ...string) ([]net.IPNet, error)

AddressesAndRangesToIPNets converts a slice of strings with IPv4 and IPv6 addresses and CIDR ranges (prefixes) to net.IPNet instances. If net.ParseCIDR or net.ParseIP fail, an error will be returned. Zones in addresses or ranges are not allowed and will result in an error.

func ParseIPAddr 

func ParseIPAddr(ip string) (*net.IPAddr, error)

ParseIPAddr safely parses the given string into a net.IPAddr. It also returns an error for unspecified (like "::") and zero-value addresses (like "0.0.0.0"). These are nominally valid IPs (net.ParseIP will accept them), but they are never valid "real" client IPs.

The function returns the following errors: - ErrInvalidIpAddress: if the IP address cannot be parsed. - ErrUnspecifiedIpAddress: if the IP address is unspecified (e.g., "::" or "0.0.0.0").

Types

type BlacklistRangeOption 

type BlacklistRangeOption interface {
	// contains filtered or unexported methods
}

func ExcludeLinkLocal 

func ExcludeLinkLocal(enable bool) BlacklistRangeOption

ExcludeLinkLocal enables or disables the inclusion of link local ip ranges in the blacklisted ip ranges.

func ExcludeLoopback 

func ExcludeLoopback(enable bool) BlacklistRangeOption

ExcludeLoopback enables or disables the inclusion of loopback ip ranges in the blacklisted ip ranges.

func ExcludePrivateNet 

func ExcludePrivateNet(enable bool) BlacklistRangeOption

ExcludePrivateNet enables or disables the inclusion of private-space ip ranges in the blacklisted ip ranges.

type Chain 

type Chain struct {
	// contains filtered or unexported fields
}

Chain attempts to use the given resolvers in order. If the first one returns an error, the second one is tried, and so on, until a good IP is found or the resolvers are exhausted. A common use for this is if a server is both directly connected to the internet and expecting a header to check. It might be called like: 

var chain = NewChain(NewLeftmostNonPrivate(XForwardedForKey), NewRemoteAddr())

func NewChain 

func NewChain(resolvers ...fox.ClientIPResolver) Chain

NewChain creates a Chain that attempts to use the given resolvers to derive the client IP, stopping when the first one succeeds.

func (Chain) ClientIP 

func (s Chain) ClientIP(c fox.RequestContext) (*net.IPAddr, error)

ClientIP try to derive the client IP using this resolver chain.

type HeaderKey 

type HeaderKey uint8
const (
	XForwardedForKey HeaderKey = iota
	ForwardedKey
)

func (HeaderKey) String 

func (h HeaderKey) String() string

type LeftmostNonPrivate 

type LeftmostNonPrivate struct {
	// contains filtered or unexported fields
}

LeftmostNonPrivate derives the client IP from the leftmost valid and non-private/non-internal IP address in the X-Forwarded-For or Forwarded header. This resolver should be used when a valid, non-private IP closest to the client is desired. By default, loopback, link local and private net ip range are blacklisted. Note that this MUST NOT BE USED FOR SECURITY PURPOSES. This IP can be TRIVIALLY SPOOFED.

func NewLeftmostNonPrivate 

func NewLeftmostNonPrivate(key HeaderKey, limit uint, opts ...BlacklistRangeOption) (LeftmostNonPrivate, error)

NewLeftmostNonPrivate creates a LeftmostNonPrivate resolver. By default, loopback, link local and private net ip range are blacklisted. A reasonable limit on the number of IPs to parse must be provided to prevent excessive resource usage from adversarial headers.

func (LeftmostNonPrivate) ClientIP 

func (s LeftmostNonPrivate) ClientIP(c fox.RequestContext) (*net.IPAddr, error)

ClientIP derives the client IP using the LeftmostNonPrivate resolver. The returned net.IPAddr may contain a zone identifier. If no valid IP can be derived, an error returned.

type RemoteAddr 

type RemoteAddr struct{}

RemoteAddr returns the client socket IP, stripped of port. This resolver should be used if the server accept direct connections, rather than through a reverse proxy.

func NewRemoteAddr 

func NewRemoteAddr() RemoteAddr

NewRemoteAddr that uses request remote address to get the client IP.

func (RemoteAddr) ClientIP 

func (s RemoteAddr) ClientIP(c fox.RequestContext) (*net.IPAddr, error)

ClientIP derives the client IP using the RemoteAddr resolver. The returned net.IPAddr may contain a zone identifier. This should only happen if the remote address has been modified to something illegal, or if the server is accepting connections on a Unix domain socket (in which case RemoteAddr is "@"). If no valid IP can be derived, an error is returned.

type RightmostNonPrivate 

type RightmostNonPrivate struct {
	// contains filtered or unexported fields
}

RightmostNonPrivate derives the client IP from the rightmost valid, non-private/non-internal IP address in the X-Fowarded-For or Forwarded header. This resolver should be used when all reverse proxies between the internet and the server have private-space IP addresses. By default, loopback, link local and private net ip range are trusted.

func NewRightmostNonPrivate 

func NewRightmostNonPrivate(key HeaderKey, opts ...TrustedRangeOption) (RightmostNonPrivate, error)

NewRightmostNonPrivate creates a RightmostNonPrivate resolver. By default, loopback, link local and private net ip range are trusted.

func (RightmostNonPrivate) ClientIP 

func (s RightmostNonPrivate) ClientIP(c fox.RequestContext) (*net.IPAddr, error)

ClientIP derives the client IP using the RightmostNonPrivate resolver. The returned net.IPAddr may contain a zone identifier. If no valid IP can be derived, an error returned.

type RightmostTrustedCount 

type RightmostTrustedCount struct {
	// contains filtered or unexported fields
}

RightmostTrustedCount derives the client IP from the valid IP address added by the first trusted reverse proxy to the X-Forwarded-For or Forwarded header. This resolver should be used when there is a fixed number of trusted reverse proxies that are appending IP addresses to the header.

func NewRightmostTrustedCount 

func NewRightmostTrustedCount(key HeaderKey, trustedCount uint) (RightmostTrustedCount, error)

NewRightmostTrustedCount creates a RightmostTrustedCount resolver. trustedCount is the number of trusted reverse proxies. The IP returned will be the (trustedCount-1)th from the right. For example, if there's only one trusted proxy, this resolver will return the last (rightmost) IP address.

func (RightmostTrustedCount) ClientIP 

func (s RightmostTrustedCount) ClientIP(c fox.RequestContext) (*net.IPAddr, error)

ClientIP derives the client IP using the RightmostTrustedCount resolver. The returned net.IPAddr may contain a zone identifier. If no valid IP can be derived, an error returned.

type RightmostTrustedRange 

type RightmostTrustedRange struct {
	// contains filtered or unexported fields
}

RightmostTrustedRange derives the client IP from the rightmost valid IP address in the X-Forwarded-For or Forwarded header which is not in a set of trusted IP ranges. This resolver should be used when the IP ranges of the reverse proxies between the internet and the server are known. If a third-party WAF, CDN, etc., is used, you SHOULD use a method of verifying its access to your origin that is stronger than checking its IP address (e.g., using authenticated pulls). Failure to do so can result in scenarios like: You use AWS CloudFront in front of a server you host elsewhere. An attacker creates a CF distribution that points at your origin server. The attacker uses Lambda@Edge to spoof the Host and X-Forwarded-For headers. Now your "trusted" reverse proxy is no longer trustworthy.

func NewRightmostTrustedRange 

func NewRightmostTrustedRange(key HeaderKey, resolver TrustedIPRange) (RightmostTrustedRange, error)

NewRightmostTrustedRange creates a RightmostTrustedRange resolver. headerName must be "X-Forwarded-For" or "Forwarded". trustedRanges must contain all trusted reverse proxies on the path to this server and can be private/internal or external (for example, if a third-party reverse proxy is used).

func (RightmostTrustedRange) ClientIP 

func (s RightmostTrustedRange) ClientIP(c fox.RequestContext) (*net.IPAddr, error)

ClientIP derives the client IP using the RightmostTrustedRange resolver. The returned net.IPAddr may contain a zone identifier. If no valid IP can be derived, an error is returned.

type SingleIPHeader 

type SingleIPHeader struct {
	// contains filtered or unexported fields
}

SingleIPHeader derives an IP address from a single-IP header. A non-exhaustive list of such single-IP headers is: X-Real-IP, CF-Connecting-IP, True-Client-IP, Fastly-Client-IP, X-Azure-ClientIP, X-Azure-SocketIP. This resolver should be used when the given header is added by a trusted reverse proxy. You must ensure that this header is not spoofable (as is possible with Akamai's use of True-Client-IP, Fastly's default use of Fastly-Client-IP, and Azure's X-Azure-ClientIP).

func NewSingleIPHeader 

func NewSingleIPHeader(headerName string) (SingleIPHeader, error)

NewSingleIPHeader creates a SingleIPHeader resolver that uses the headerName request header to get the client IP.

func (SingleIPHeader) ClientIP 

func (s SingleIPHeader) ClientIP(c fox.RequestContext) (*net.IPAddr, error)

ClientIP derives the client IP using the SingleIPHeader resolver. The returned net.IPAddr may contain a zone identifier. If no valid IP can be derived, an error is returned.

type TrustedIPRange 

type TrustedIPRange interface {
	TrustedIPRange() ([]net.IPNet, error)
}

TrustedIPRange returns a set of trusted IP ranges. Implementations of this interface must be thread-safe as it will be invoked whenever the client IP needs to be resolved, potentially from multiple goroutines.

type TrustedIPRangeFunc 

type TrustedIPRangeFunc func() ([]net.IPNet, error)

The TrustedIPRangeFunc type is an adapter to allow the use of ordinary functions as TrustedIPRange. If f is a function with the appropriate signature, TrustedIPRangeFunc() is a TrustedIPRange that calls f.

func (TrustedIPRangeFunc) TrustedIPRange 

func (f TrustedIPRangeFunc) TrustedIPRange() ([]net.IPNet, error)

TrustedIPRange calls f().

type TrustedRangeOption 

type TrustedRangeOption interface {
	// contains filtered or unexported methods
}

func TrustLinkLocal 

func TrustLinkLocal(enable bool) TrustedRangeOption

TrustLinkLocal enables or disables the inclusion of link local ip ranges in the trusted ip ranges.

func TrustLoopback 

func TrustLoopback(enable bool) TrustedRangeOption

TrustLoopback enables or disables the inclusion of loopback ip ranges in the trusted ip ranges.

func TrustPrivateNet 

func TrustPrivateNet(enable bool) TrustedRangeOption

TrustPrivateNet enables or disables the inclusion of private-space ip ranges in the trusted ip ranges.

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.