What's the correct way to get all client's IP Addresses from http.Request
? In PHP
there are a lot of variables that I should check. Is it the same on Go?
One that I found is:
req.RemoteAddr
And is the request case sensitive? for example x-forwarded-for
is the same as X-Forwarded-For
and X-FORWARDED-FOR
? (from req.Header.Get("X-FORWARDED-FOR")
)
$_SERVER['REMOTE_ADDR'] is the most reliable variable from the above list of variables. REMOTE_ADDR may not contain the real IP address of the TCP connection as well. It depends on the SAPI configuration. If the user is behind a proxy server, HTTP_X_FORWARDED_FOR will be set.
HTTP requests often pass through one or more proxy servers before they reach the endpoint web server, which changes the source IP address for the request. As a result, endpoint web servers cannot rely on the source IP from the network connection (socket) to be the IP address of the original request.
Looking at http.Request you can find the following member variables:
// HTTP defines that header names are case-insensitive. // The request parser implements this by canonicalizing the // name, making the first character and any characters // following a hyphen uppercase and the rest lowercase. // // For client requests certain headers are automatically // added and may override values in Header. // // See the documentation for the Request.Write method. Header Header // RemoteAddr allows HTTP servers and other software to record // the network address that sent the request, usually for // logging. This field is not filled in by ReadRequest and // has no defined format. The HTTP server in this package // sets RemoteAddr to an "IP:port" address before invoking a // handler. // This field is ignored by the HTTP client. RemoteAddr string
You can use RemoteAddr
to get the remote client's IP address and port (the format is "IP:port"), which is the address of the original requestor or the last proxy (for example a load balancer which lives in front of your server).
This is all you have for sure.
Then you can investigate the headers, which are case-insensitive (per documentation above), meaning all of your examples will work and yield the same result:
req.Header.Get("X-Forwarded-For") // capitalisation req.Header.Get("x-forwarded-for") // doesn't req.Header.Get("X-FORWARDED-FOR") // matter
This is because internally http.Header.Get
will normalise the key for you. (If you want to access header map directly, and not through Get
, you would need to use http.CanonicalHeaderKey first.)
Finally, "X-Forwarded-For"
is probably the field you want to take a look at in order to grab more information about client's IP. This greatly depends on the HTTP software used on the remote side though, as client can put anything in there if it wishes to. Also, note the expected format of this field is the comma+space separated list of IP addresses. You will need to parse it a little bit to get a single IP of your choice (probably the first one in the list), for example:
// Assuming format is as expected ips := strings.Split("10.0.0.1, 10.0.0.2, 10.0.0.3", ", ") for _, ip := range ips { fmt.Println(ip) }
will produce:
10.0.0.1 10.0.0.2 10.0.0.3
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With