Added TrustedProxies parameter #339
Added the real client IP as ClientID in Context and used this for IP abuse count/block/ban
```go
// ClientRealIP stores the resolved client IP in the request context under
// the "ClientID" key so later middlewares count/block/ban on that address.
func ClientRealIP(next http.Handler) http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		clientID := GetClientIP(r)
		if clientID == "" {
			// No usable client address: reject the request.
			http.Error(w, "Invalid request", http.StatusBadRequest)
			return
		}
		ctx := context.WithValue(r.Context(), "ClientID", clientID)
		r = r.WithContext(ctx)
		next.ServeHTTP(w, r)
	})
}
```

Use Real Client IP

```go
func BlockByCountryMiddleware(blockedCountries []string, CountryBlacklistIsWhitelist bool) func(http.Handler) http.Handler {
	return func(next http.Handler) http.Handler {
		return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
			// Read the client IP set by ClientRealIP instead of r.RemoteAddr.
			ip, ok := r.Context().Value("ClientID").(string)
			if !ok {
				http.Error(w, "Invalid request", http.StatusBadRequest)
				return
			}
			[...]
}
```

(103.X.X.135 is my trusted proxy that can no longer be blocked)
Using IPInRange in IsTrustedProxy
SplitIP put back in shield (this is not a problem with a standard forwarded-for header)
Modified IPInRange to allow comparison of 2 valid IPs
Added TrustedProxies parameter in settings:
For requests from these IPs, the shield will use the IP in X-Forwarded-For (if defined) to identify the client to block and thus avoid blocking the proxy server IP
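
An added example, not code from this pull request: one way to resolve the client IP so that X-Forwarded-For is honoured only when the direct peer is a trusted proxy, reading the header right to left so that entries forged by the client are ignored. The names `resolveClientIP`, `isTrusted` and `sampleTrusted` and all addresses are assumptions constructed for illustration.

```go
package main

import (
	"fmt"
	"net/netip"
	"strings"
)

var sampleTrusted = []netip.Prefix{netip.MustParsePrefix("203.0.113.10/32")} // constructed sample

func isTrusted(ip netip.Addr, trusted []netip.Prefix) bool {
	for _, p := range trusted {
		if p.Contains(ip.Unmap()) {
			return true
		}
	}
	return false
}

// resolveClientIP (hypothetical name) returns the IP to count and ban, or "" to reject.
func resolveClientIP(remoteAddr, xff string, trusted []netip.Prefix) string {
	ap, err := netip.ParseAddrPort(remoteAddr) // r.RemoteAddr is "ip:port"
	if err != nil {
		return ""
	}
	peer := ap.Addr().Unmap()
	// The header is client-controlled unless the TCP peer is a trusted proxy.
	if !isTrusted(peer, trusted) || strings.TrimSpace(xff) == "" {
		return peer.String()
	}
	// Right to left: skip hops added by trusted proxies; the first untrusted hop is the client.
	hops := strings.Split(xff, ",")
	for i := len(hops) - 1; i >= 0; i-- {
		ip, err := netip.ParseAddr(strings.TrimSpace(hops[i]))
		if err != nil {
			return "" // malformed hop: reject rather than blame the proxy
		}
		if !isTrusted(ip, trusted) {
			return ip.Unmap().String()
		}
	}
	return peer.String() // header lists only trusted proxies
}

func main() {
	// Constructed request: forged leftmost entry, real client appended by the proxy.
	fmt.Println(resolveClientIP("203.0.113.10:4711", "10.1.1.1, 198.51.100.7", sampleTrusted))
}
```

A request arriving directly from an untrusted peer is always attributed to that peer, whatever its X-Forwarded-For header says, so the header cannot be used to shift a ban onto another address.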