The problem with "realip" is, what if I fake the IP header values?

tomasen / realip

a golang library that can get client's real public ip address from http request headers

MIT License

221 stars 47 forks source link

Open hiqsociety opened 3 years ago

hiqsociety commented 3 years ago

The problem with "realip" is, what if I fake the IP header values like "X-Real-Ip"?

Nice work by the way.

Battery233 commented 3 years ago

The sender can set arbitrary values to the headers like "X-Real-Ip". So yes, this cannot get the real IP if the sender intends to hide it.