"Real" Client IP Implementations
Lots of server need to get the "real" client IP1 fromX-Forwarded-For,Forwarded, and other HTTP headers. It seems like it should easy to do so and lots of developers assume it is, but... it's not, and itgets done incorrectly far too often. This can and will lead to bugs and vulnerabilities.
This organization is an attempt to create gold-standard implementations of the strategies for handling those headers. The first implementation is in Go, and will helpful be the reference for all others.
Feel free to use this code however you want. And it would be great if implementations in other languages can be contributed.
Footnotes
The "real" is always quoted, because a) if a leftmost strategy is used, the IP can be spoofed, and b) if a rightmost strategy is used, the IP could belong to an intermediate proxy. But this is the best that can be done.↩
PinnedLoading
- realclientip-go
realclientip-go PublicGo reference implementation of "real" client IP algorithms
Repositories
Uh oh!
There was an error while loading.Please reload this page.
realclientip/realclientip-go’s past year of commit activity - .github Public
Uh oh!
There was an error while loading.Please reload this page.
realclientip/.github’s past year of commit activity
People
This organization has no public members. You must be a member to see who’s a part of this organization.
Top languages
Loading…
Uh oh!
There was an error while loading.Please reload this page.
Most used topics
Loading…
Uh oh!
There was an error while loading.Please reload this page.