The config "RemoteAddrPrivateSubnet" variable is allowed to append, but not to be removed or set new.
For the users of local network, "ctx.RemoteAddr()" can only get proxy server ip, can't get real ip.
Sure, you can look at https://github.com/kataras/iris/blob/8e7bc605e6903b7577c2537912da034ecd06aa07/configuration.go#L990
It describes how to customize the configuration. That way you should get exactly what you want, you just have to create your own list.
Here a Example:
iris.WithConfiguration(iris.Configuration{
RemoteAddrPrivateSubnets: []netutil.IPRange{
{
Start: net.ParseIP("10.0.0.0"),
End: net.ParseIP("10.255.255.255"),
},
},
}),
@linanh look what @Dexus posted, that's the way.
@kataras For local network users, the default value of "RemoteAddrPrivateSubnet" will cause incompatibility problem with version v12.1.
@linanh These default values are the recommended to use on a typical web application. You can modify them with ease. Do you prefer to leave the default list as empty instead, what's your suggestion? Thanks
@kataras In https://github.com/kataras/iris/blob/master/core/netutil/ip.go#L44, if a public IP address is not found, return the first IP address, and don't return false.
@linanh The core/netutil/ip.go is for the IPs retrieved by request headers such as X-Forwarded-For, look at: https://github.com/kataras/iris/blob/a50f0ed5babfdfbe346bac264e0f47f74e16135f/configuration.go#L782-L800 Its job is to return a valid "public" IP, if there is not a single valid public IP available then it SHOULD return empty and false so the context.RemoteAddr can continue its job by fetching the address from Request.RemoteAddr, if non of the above passes. Look at: https://github.com/kataras/iris/blob/a50f0ed5babfdfbe346bac264e0f47f74e16135f/context/context.go#L827-L835
Your suggestion will break part of the Private Subnet feature, because if it's private then it will return it, which we try to avoid, that's why it's implemented at the first place. If you think a private/local sub network should be treated as a remote network then you can just edit the Configuration.RemoteAddrPrivateSubnets as @Dexus pointed out above.
However, if you really want to extract the IP from headers, even e non-public one and not from Request.RemoteAddr as fallback, we can add a Configuration.RemoteAddrHeadersForce bool which will force Iris to return the first IP, even if it's found as part of private sub networks. Is that OK with you?
UPDATE: Note that because of RemoteAddrHeaders is a map, it has no order, so that field may not always return the first entry of the same request header. For that reason, I will introduce a breaking change for RemoteAddrHeaders, from a map[string]bool to just a []string, which seems more appropriate for devs that care about the matching order of those request headers.
UPDATE: Upgrade to the latest master, add the RemoteAddrHeadersForce: true and you are ready to Go.
$ cd your project
$ go get -u github.com/kataras/iris/v12@master
Thanks,
Gerasimos Maropoulos
@kataras Thanks.
You are welcome @linanh !