gddo-server: add a trust proxy flag identify requests by real ip.
X-Real-Ip is used as the remote address to identify the original
address sent through the requests to detect robots.
This fixes golang/gddo#393
Change-Id: I322061dd355340d864376e656185bd84fbbc9432
Reviewed-on: https://go-review.googlesource.com/21996
Reviewed-by: Andrew Gerrand <adg@golang.org>
diff --git a/gddo-server/main.go b/gddo-server/main.go
index ae96c9d..5c9315c 100644
--- a/gddo-server/main.go
+++ b/gddo-server/main.go
@@ -706,8 +706,10 @@
}
}()
- if s := req.Header.Get("X-Real-Ip"); s != "" && httputil.StripPort(req.RemoteAddr) == "127.0.0.1" {
- req.RemoteAddr = s
+ if *trustProxy {
+ if s := req.Header.Get("X-Real-Ip"); s != "" {
+ req.RemoteAddr = s
+ }
}
req.Body = http.MaxBytesReader(resp, req.Body, 2048)
@@ -838,6 +840,7 @@
httpAddr = flag.String("http", ":8080", "Listen for HTTP connections on this address.")
sidebarEnabled = flag.Bool("sidebar", false, "Enable package page sidebar.")
defaultGOOS = flag.String("default_goos", "", "Default GOOS to use when building package documents.")
+ trustProxy = flag.Bool("trust_proxy_headers", false, "If enabled, identify the remote address of the request using X-Real-Ip in header.")
)
func main() {