IsProxyTrusted checks trustworthiness of remote ip. If Config.TrustProxy false, it returns false. IsProxyTrusted can check remote ip by proxy ranges and ip map.
()
| 1198 | // If Config.TrustProxy false, it returns false. |
| 1199 | // IsProxyTrusted can check remote ip by proxy ranges and ip map. |
| 1200 | func (r *DefaultReq) IsProxyTrusted() bool { |
| 1201 | config := r.c.app.config |
| 1202 | if !config.TrustProxy { |
| 1203 | return false |
| 1204 | } |
| 1205 | |
| 1206 | remoteAddr := r.c.fasthttp.RemoteAddr() |
| 1207 | switch remoteAddr.(type) { |
| 1208 | case *net.UnixAddr: |
| 1209 | return config.TrustProxyConfig.UnixSocket |
| 1210 | case *net.TCPAddr, *net.UDPAddr: |
| 1211 | // Keep existing RemoteIP/IP-map/CIDR checks for TCP/UDP paths as-is. |
| 1212 | default: |
| 1213 | // Unknown address type: do not trust by default. |
| 1214 | return false |
| 1215 | } |
| 1216 | |
| 1217 | ip := r.c.fasthttp.RemoteIP() |
| 1218 | if ip == nil { |
| 1219 | return false |
| 1220 | } |
| 1221 | |
| 1222 | if (config.TrustProxyConfig.Loopback && ip.IsLoopback()) || |
| 1223 | (config.TrustProxyConfig.Private && ip.IsPrivate()) || |
| 1224 | (config.TrustProxyConfig.LinkLocal && ip.IsLinkLocalUnicast()) { |
| 1225 | return true |
| 1226 | } |
| 1227 | |
| 1228 | if _, trusted := config.TrustProxyConfig.ips[ip.String()]; trusted { |
| 1229 | return true |
| 1230 | } |
| 1231 | |
| 1232 | for _, ipNet := range config.TrustProxyConfig.ranges { |
| 1233 | if ipNet.Contains(ip) { |
| 1234 | return true |
| 1235 | } |
| 1236 | } |
| 1237 | |
| 1238 | return false |
| 1239 | } |
| 1240 | |
| 1241 | // IsFromLocal will return true if request came from a loopback IP. |
| 1242 | func (r *DefaultReq) IsFromLocal() bool { |