Skip to content
@realclientip

"Real" Client IP Implementations

Libraries to extract the "real" client IP from HTTP request headers
README.md

Lots of server need to get the "real" client IP1 from X-Forwarded-For, Forwarded, and other HTTP headers. It seems like it should easy to do so and lots of developers assume it is, but... it's not, and it gets done incorrectly far too often. This can and will lead to bugs and vulnerabilities.

This organization is an attempt to create gold-standard implementations of the strategies for handling those headers. The first implementation is in Go, and will helpful be the reference for all others.

Feel free to use this code however you want. And it would be great if implementations in other languages can be contributed.

Footnotes

  1. The "real" is always quoted, because a) if a leftmost strategy is used, the IP can be spoofed, and b) if a rightmost strategy is used, the IP could belong to an intermediate proxy. But this is the best that can be done.

Pinned Loading

  1. realclientip-go realclientip-go Public

    Go reference implementation of "real" client IP algorithms

    Go 76 5

Repositories

Showing 2 of 2 repositories
  • realclientip-go Public

    Go reference implementation of "real" client IP algorithms

    realclientip/realclientip-go’s past year of commit activity
    Go 76 0BSD 5 6 1 Updated Apr 4, 2022
  • .github Public
    realclientip/.github’s past year of commit activity
    0 0 0 0 Updated Mar 28, 2022

People

This organization has no public members. You must be a member to see who’s a part of this organization.

Top languages

Loading…

Most used topics

Loading…