Expand description
Real-IP extraction for apps behind a trusted reverse proxy
(Cloudflare / nginx / ELB / etc). Parses X-Forwarded-For,
X-Real-IP, CF-Connecting-IP, or RFC 7239 Forwarded and stuffs
the resolved client IP into request extensions. See
real_ip::RealIpLayer.
Real-IP extraction middleware for apps behind a trusted reverse proxy.
axum::extract::ConnectInfo<SocketAddr> always reports the
immediate peer — useless when your app sits behind nginx /
Cloudflare / ELB. This middleware parses one of the common
forwarded-for headers and stuffs the resolved client IP into the
request extensions as a [RealIp] value.
§Quick start
use rustango::real_ip::{RealIpLayer, RealIpRouterExt, RealIp};
use axum::Extension;
// Trust the immediate proxy; read the leftmost (= original client)
// entry in X-Forwarded-For.
let app = axum::Router::new()
.route("/", axum::routing::get(home))
.real_ip(RealIpLayer::default());
async fn home(Extension(ip): Extension<RealIp>) -> String {
format!("hi, {}", ip.0)
}§Important security note
Never trust forwarded-for headers from the open internet — any client can set them. Apply this layer ONLY when a proxy you control terminates inbound requests and rewrites these headers, and configure that proxy to scrub them on the way in.
Structs§
- RealIp
- Resolved client IP. Stored in
request.extensionsbyRealIpLayer; pull it out viaaxum::Extension<RealIp>in your handler. - Real
IpLayer