search

rdegges / ipify-api

A public IP API service.
MIT License
1.74k stars 226 forks source link

another X-Forwarded-For thread #73

Open elagano opened 8 months ago

elagano commented 8 months ago

Is it considered OK that XFF messes up ipify logic:

$ curl 'https://api.ipify.org?format=json' {"ip":"-.-.-.60"} <-- correct IP blanked out

$ curl -H "X-Forwarded-For: 127.0.0.1" 'https://api.ipify.org?format=json' {"ip":"127.0.0.1"}

Asking as some user was using ipify.org output saying I do not know what I was talking about, but it is in fact ipify.org that does not know how to handle XFFs properly

At least it knows to strip out rightmost XFFs, which is good:

curl -H "X-Forwarded-For: 127.0.0.1,255.255.255.255" 'https://api.ipify.org?format=json' {"ip":"127.0.0.1"}

-Eric