ExtractRealIPAddress returns the original client address according to the configuration and headers. It does not mutate the original request.
(config *RealIPConfig, req *http.Request)
| 55 | // ExtractRealIPAddress returns the original client address according to the |
| 56 | // configuration and headers. It does not mutate the original request. |
| 57 | func ExtractRealIPAddress(config *RealIPConfig, req *http.Request) (net.IP, error) { |
| 58 | if config == nil { |
| 59 | config = &RealIPConfig{ |
| 60 | TrustedOrigins: nil, |
| 61 | TrustedHeaders: nil, |
| 62 | } |
| 63 | } |
| 64 | |
| 65 | cf := isContainedIn(config.TrustedOrigins, getRemoteAddress(req.RemoteAddr)) |
| 66 | if !cf { |
| 67 | // Address is not valid or the origin is not trusted; use the |
| 68 | // original address |
| 69 | return getRemoteAddress(req.RemoteAddr), nil |
| 70 | } |
| 71 | |
| 72 | for _, trustedHeader := range config.TrustedHeaders { |
| 73 | addr := getRemoteAddress(req.Header.Get(trustedHeader)) |
| 74 | if addr != nil { |
| 75 | return addr, nil |
| 76 | } |
| 77 | } |
| 78 | |
| 79 | return getRemoteAddress(req.RemoteAddr), nil |
| 80 | } |
| 81 | |
| 82 | // FilterUntrustedOriginHeaders removes all known proxy headers from the |
| 83 | // request for untrusted origins, and ensures that only one copy |