Code Monkey home page Code Monkey logo

xff's Introduction

X-Forwarded-For middleware fo Go godoc Build Status

Package xff is a net/http middleware/handler to parse Forwarded HTTP Extension in Golang.

Example usage

Install xff:

go get github.com/sebest/xff

Edit server.go:

package main

import (
  "net/http"

  "github.com/sebest/xff"
)

func main() {
  handler := http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
    w.Write([]byte("hello from " + r.RemoteAddr + "\n"))
  })

  xffmw, _ := xff.Default()
  http.ListenAndServe(":8080", xffmw.Handler(handler))
}

Then run your server:

go run server.go

The server now runs on localhost:8080:

$ curl -D - -H 'X-Forwarded-For: 42.42.42.42' http://localhost:8080/
HTTP/1.1 200 OK
Date: Fri, 20 Feb 2015 20:03:02 GMT
Content-Length: 29
Content-Type: text/plain; charset=utf-8

hello from 42.42.42.42:52661

xff's People

Stargazers

avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar

Watchers

avatar avatar avatar

Forkers

rs lukehandle mapix cinderalla imjerrybao maxbaldin cloudxtreme adamjacobmuller yinlei ijt etsangsplk stanhu packethost wongnai sreekanth370 cfunkhouser junxie6 isgasho standardgalactic akahn ajunlonglive proxeter viru-tech

xff's Issues

No license

Hello,

I have noticed that your code does not have a license. Are the terms of the MIT License okay with you?

Allow for remote to be a private ip

IsPublicIP is called from Parse, this applies even if we've configured AllowedSubnets. I'd still argue IsPublicIP does not belong as a filter by default since there's no reason why a proxy must be globally addressable (think entirely private services), but that could be a dangerous change to make at this point.

I'd be happy to come up with a PR for this, is there some form you'd like to see this implemented?

Not a RFC 7239 "Forwarded" parser

The README says that xff is intended to parse the RFC 7239 Forwarded header, but it's not -- it parses the X-Forwarded-For header. These are very different things.

Walk backwards through the ip list to avoid mocking by the client

https://husobee.github.io/golang/ip-address/2015/12/17/remote-ip-go.html mentions:

Instead of walking from the left to right, walk backwards through the number of ip addresses by the number of proxies you have in your environment to the internet. That way, you will be adverse to any mucking with the X-Forwarded-For header by the client.

So the code that he/she suggests is the following:

func getIPAdress(r *http.Request) string {
    for _, h := range []string{"X-Forwarded-For", "X-Real-Ip"} {
        addresses := strings.Split(r.Header.Get(h), ",")
        // march from right to left until we get a public address
        // that will be the address right before our proxy.
        for i := len(addresses) -1 ; i >= 0; i-- {
            ip := addresses[i]
            // header can contain spaces too, strip those out.
            realIP := net.ParseIP(strings.Replace(ip, " ", "", -1))
            if !realIP.IsGlobalUnicast() && !isPrivateSubnet(realIP) {
                // bad address, go to next
                continue
            }
            return ip
        }
    }
    return ""
}

Thoughts?

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    ๐Ÿ–– Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. ๐Ÿ“Š๐Ÿ“ˆ๐ŸŽ‰

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google โค๏ธ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.