Skip to content

Commit 5785956

Browse files
committed
catch the negative depth invalid config.
1 parent 2c0ec8a commit 5785956

2 files changed

Lines changed: 8 additions & 1 deletion

File tree

request/real_ip.go

Lines changed: 2 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -45,8 +45,9 @@ func RealIP(r *http.Request) string {
4545

4646
// Choose the appropriate IP based on depth
4747
// depth=0 means first IP (leftmost), depth=1 means last IP, depth=2 means second to last, etc.
48+
// Negative depth is invalid and treated same as 0/unset.
4849
var ip string
49-
if depth == 0 {
50+
if depth <= 0 {
5051
ip = strings.TrimSpace(xffs[0])
5152
} else {
5253
ip = strings.TrimSpace(xffs[len(xffs)-depth])

request/real_ip_test.go

Lines changed: 6 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -235,6 +235,12 @@ func TestXFFDepth(t *testing.T) {
235235
depth: 0,
236236
expected: "10.0.0.1",
237237
},
238+
{
239+
name: "Depth -5 (Negative Depth uses same as NO depth)",
240+
xffValue: "10.0.0.1,11.0.0.1,12.0.0.1,13.0.0.1",
241+
depth: -5,
242+
expected: "10.0.0.1",
243+
},
238244
{
239245
name: "Header with spaces",
240246
xffValue: "10.0.0.1, 11.0.0.1, 12.0.0.1, 13.0.0.1",

0 commit comments

Comments
 (0)