{"id":28105049,"url":"https://github.com/appsflyer/srealip","last_synced_at":"2025-10-10T03:35:54.168Z","repository":{"id":57658634,"uuid":"458831093","full_name":"AppsFlyer/srealip","owner":"AppsFlyer","description":"Go package for securely extracting HTTP client's real public IP","archived":false,"fork":false,"pushed_at":"2023-05-13T04:41:25.000Z","size":22,"stargazers_count":5,"open_issues_count":0,"forks_count":3,"subscribers_count":2,"default_branch":"main","last_synced_at":"2025-07-14T20:16:36.094Z","etag":null,"topics":["go","golang","http","ip","security"],"latest_commit_sha":null,"homepage":"","language":"Go","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"apache-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/AppsFlyer.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":"CODEOWNERS","security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2022-02-13T14:21:05.000Z","updated_at":"2025-04-28T13:06:21.000Z","dependencies_parsed_at":"2024-06-20T01:33:57.799Z","dependency_job_id":"aeb47ff2-4494-48d7-bb56-95f22e6fb736","html_url":"https://github.com/AppsFlyer/srealip","commit_stats":null,"previous_names":[],"tags_count":2,"template":false,"template_full_name":null,"purl":"pkg:github/AppsFlyer/srealip","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/AppsFlyer%2Fsrealip","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/AppsFlyer%2Fsrealip/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/AppsFlyer%2Fsrealip/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/AppsFlyer%2Fsrealip/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/AppsFlyer","download_url":"https://codeload.github.com/AppsFlyer/srealip/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/AppsFlyer%2Fsrealip/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":279002621,"owners_count":26083425,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","status":"online","status_checked_at":"2025-10-10T02:00:06.843Z","response_time":62,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["go","golang","http","ip","security"],"created_at":"2025-05-13T21:20:14.750Z","updated_at":"2025-10-10T03:35:54.148Z","avatar_url":"https://github.com/AppsFlyer.png","language":"Go","readme":"# srealip (Secure Real IP)\n\n[![Actions Status](https://github.com/AppsFlyer/srealip/workflows/srealip/badge.svg?branch=main)](https://github.com/AppsFlyer/srealip/actions)\n[![Godocs](https://img.shields.io/badge/golang-documentation-blue.svg)](https://pkg.go.dev/github.com/AppsFlyer/srealip)\n\nGo package for securely extracting HTTP client's real public IP for rate limit, IP limit or logging on HTTP Server.\n\n(Update - see this [Blog by Adam Pritchard](https://adam-p.ca/blog/2022/03/x-forwarded-for/?s=09) for comprehensive analysis of HTTP headers and security)\n\nThe library provides two methods for extracting the IP address from HTTP Request:\n\n- **SecureRealIP** - returns the trusted non-private real IP address from input request. This IP can be trusted only if your HTTP server is behind a reverse proxy such as [AWS ELB/ALB](https://docs.aws.amazon.com/elasticloadbalancing/latest/classic/x-forwarded-headers.html), [Azure Front Door](https://docs.microsoft.com/en-us/azure/frontdoor/afront-door-http-headers-protocol) or [Google Load Balancer](https://cloud.google.com/load-balancing/docs/https#x-forwarded-for_header). It can be used for security use cases (Rate Limit, IP Limit, etc..).\n\n- **NaiveRealIP** - returns the most real non-private IP address (\"closest to client\") from input request. This IP can be spoofed by malicious sender, so avoid using it for security purposes (only for logging or troubleshooting).\n\n## Example\n\n```go\npackage main\n\nimport (\n\t\"fmt\"\n\t\"net/http\"\n\n\t\"github.com/AppsFlyer/srealip\"\n)\n\nfunc Handle(r *http.Request) {\n\tnaiveIP := srealip.NaiveRealIP(r)\n\n\tfmt.Printf(\"Client's IP for logging / troubleshooting: %s\\n\", naiveIP)\n\n\tsecureIP := srealip.SecureRealIP(r)\n\tfmt.Printf(\"Client's IP for rate / ip limit: %s\\n\", secureIP)\n}\n```\n","funding_links":[],"categories":[],"sub_categories":[],"project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fappsflyer%2Fsrealip","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fappsflyer%2Fsrealip","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fappsflyer%2Fsrealip/lists"}