Comments (3)
Sure thing. Hope it makes sense. :)
from remote_ip.
Not a bug. IPs are processed last-to-first to prevent IP spoofing. If we trusted the first IP, it'd be trivial to spoof the IP of a request by setting a fake header, like curl -H "X-Forwarded-For: 1.2.3.4" http://your.site/
.
Further reading:
- https://blog.gingerlime.com/2012/rails-ip-spoofing-vulnerabilities-and-protection/
- https://hexdocs.pm/remote_ip/algorithm.html
If you know 150.172.238.178 and 70.41.3.18 are trusted proxies, configure the :proxies
option accordingly (see https://hexdocs.pm/remote_ip/RemoteIp.Options.html).
from remote_ip.
Thank you for your reply and pointing to some articles with more information
from remote_ip.
Related Issues (16)
- Add inet_cidr to included_applications HOT 5
- @reserved is incorrect HOT 1
- problem with rewritten IP HOT 2
- :combine should not be in :included_applications
- Dialyzer warning HOT 5
- Question about mapped-ipv4 ipv6 format HOT 3
- Export `RemoteIp.Block` as its own package? HOT 8
- Good article on `x-forwarded-for` parsing HOT 10
- Unsure of Implementation HOT 5
- Support for `Fly-Client-IP`? HOT 7
- Plug.Conn also has get_peer_data, which returns the original ip HOT 3
- Parse X-Forwarded-Port and X-Forwarded-Proto HOT 3
- Doesn't Work Running Server in Docker Container HOT 5
- Any way to pass runtime information to `init` HOT 1
- RFC1918 IPs shouldn't be discarded by default HOT 1
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from remote_ip.