ol.client-ip.core
Core implementation of the client-ip library for extracting client IPs from forwarding headers.
The client-ip library is designed to accurately determine the original client IP address from HTTP forwarding headers in Ring applications. It uses a strategy-based approach where different strategies handle different network configurations.
Main Features
- Strategy-based IP detection for different network setups
- Processes IPs according to the chosen strategy to prevent spoofing
- Supports all common headers: X-Forwarded-For, X-Real-IP, Forwarded (RFC 7239), etc.
Usage
The main entry point is the wrap-client-ip middleware function that requires
a strategy and adds the :ol/client-ip key to the Ring request map:
(require '[ol.client-ip.core :refer [wrap-client-ip]]
'[ol.client-ip.strategy :as strategy])
(def app
(-> handler
(wrap-client-ip {:strategy (strategy/rightmost-non-private-strategy "x-forwarded-for")})
;; other middleware
))
You can also use from-request to extract client IPs directly from requests:
(from-request request (strategy/rightmost-trusted-count-strategy "x-forwarded-for" 2))
;; => "203.0.113.195"
See the strategy documentation for more details on choosing the right strategy.
Core implementation of the client-ip library for extracting client IPs from forwarding headers.
The client-ip library is designed to accurately determine the original client IP address
from HTTP forwarding headers in Ring applications. It uses a strategy-based approach
where different strategies handle different network configurations.
## Main Features
* Strategy-based IP detection for different network setups
* Processes IPs according to the chosen strategy to prevent spoofing
* Supports all common headers: X-Forwarded-For, X-Real-IP, Forwarded (RFC 7239), etc.
## Usage
The main entry point is the `wrap-client-ip` middleware function that requires
a strategy and adds the `:ol/client-ip` key to the Ring request map:
```clojure
(require '[ol.client-ip.core :refer [wrap-client-ip]]
'[ol.client-ip.strategy :as strategy])
(def app
(-> handler
(wrap-client-ip {:strategy (strategy/rightmost-non-private-strategy "x-forwarded-for")})
;; other middleware
))
```
You can also use `from-request` to extract client IPs directly from requests:
```clojure
(from-request request (strategy/rightmost-trusted-count-strategy "x-forwarded-for" 2))
;; => "203.0.113.195"
```
See the strategy documentation for more details on choosing the right strategy.ol.client-ip.ip
IP address utilities for conversion and classification.
This namespace provides functions for working with IP addresses, particularly for converting between string, InetAddress, and numeric representations. It follows RFC 5952 for IPv6 address formatting and provides utilities for type checking and serialization.
NOTE: None of the functions in this namespace accept ip addreses input as strings.
Use ol.client-ip.parse-ip/from-string to convert strings to InetAddress objects.
The key operations available are:
- Type checking with
ipv4?andipv6? - String formatting with
format-ip - Numeric conversion with
->numericandnumeric->
These functions are designed to work with the java.net.InetAddress
class hierarchy and its subclasses Inet4Address and Inet6Address.
Refer to ol.client-ip.parse-ip and ol.client-ip.cidr for more useful functions.
IP address utilities for conversion and classification. This namespace provides functions for working with IP addresses, particularly for converting between string, InetAddress, and numeric representations. It follows RFC 5952 for IPv6 address formatting and provides utilities for type checking and serialization. NOTE: None of the functions in this namespace accept ip addreses input as strings. Use [[ol.client-ip.parse-ip/from-string]] to convert strings to InetAddress objects. The key operations available are: * Type checking with `ipv4?` and `ipv6?` * String formatting with `format-ip` * Numeric conversion with `->numeric` and `numeric->` These functions are designed to work with the `java.net.InetAddress` class hierarchy and its subclasses `Inet4Address` and `Inet6Address`. Refer to [[ol.client-ip.parse-ip]] and [[ol.client-ip.cidr]] for more useful functions.
ol.client-ip.parse-ip
Parse a string representation of an IPv4 or IPv6 address into an InetAddress instance.
Unlike InetAddress/getByName, the functions in this namespace never cause
DNS services to be accessed. This avoids potentially blocking/side-effecting
network calls that can occur when using the JDK's built-in methods to parse IP
addresses.
This implementation is inspired by Google Guava's InetAddresses class, which provides similar functionality in Java. This code focuses on strict validation of IP address formats according to relevant RFCs.
Features:
- Non-blocking IP address parsing with pure functions
- Strict RFC-compliant validation
- Support for all IPv4 formats
- Support for all IPv6 formats (including compressed notation and embedded IPv4)
- Support for IPv6 scope identifiers
The main entry point is parse-ip, which takes a string and returns an
InetAddress instance or nil if the input is an invalid ip address literal.
Parse a string representation of an IPv4 or IPv6 address into an InetAddress instance. Unlike `InetAddress/getByName`, the functions in this namespace never cause DNS services to be accessed. This avoids potentially blocking/side-effecting network calls that can occur when using the JDK's built-in methods to parse IP addresses. This implementation is inspired by Google Guava's InetAddresses class, which provides similar functionality in Java. This code focuses on strict validation of IP address formats according to relevant RFCs. Features: - Non-blocking IP address parsing with pure functions - Strict RFC-compliant validation - Support for all IPv4 formats - Support for all IPv6 formats (including compressed notation and embedded IPv4) - Support for IPv6 scope identifiers The main entry point is `parse-ip`, which takes a string and returns an InetAddress instance or nil if the input is an invalid ip address literal.
ol.client-ip.strategy
Strategy implementations for determining client IP addresses.
This namespace provides various strategy implementations for extracting the real client IP from HTTP headers and connection information.
Each strategy is designed for specific network configurations:
RemoteAddrStrategy- Direct connections (no reverse proxy)SingleIPHeaderStrategy- Single trusted reverse proxy with single IP headersRightmostNonPrivateStrategy- Multiple proxies, all with private IPsLeftmostNonPrivateStrategy- Get IP closest to original client (not secure)RightmostTrustedCountStrategy- Fixed number of trusted proxiesRightmostTrustedRangeStrategy- Known trusted proxy IP rangesChainStrategy- Try multiple strategies in order
Strategies are created once and reused across requests. They are thread-safe and designed to fail fast on configuration errors while being resilient to malformed input during request processing.
Strategy implementations for determining client IP addresses. This namespace provides various strategy implementations for extracting the real client IP from HTTP headers and connection information. Each strategy is designed for specific network configurations: * `RemoteAddrStrategy` - Direct connections (no reverse proxy) * `SingleIPHeaderStrategy` - Single trusted reverse proxy with single IP headers * `RightmostNonPrivateStrategy` - Multiple proxies, all with private IPs * `LeftmostNonPrivateStrategy` - Get IP closest to original client (not secure) * `RightmostTrustedCountStrategy` - Fixed number of trusted proxies * `RightmostTrustedRangeStrategy` - Known trusted proxy IP ranges * `ChainStrategy` - Try multiple strategies in order Strategies are created once and reused across requests. They are thread-safe and designed to fail fast on configuration errors while being resilient to malformed input during request processing.
cljdoc builds & hosts documentation for Clojure/Script libraries
| Ctrl+k | Jump to recent docs |
| ← | Move to previous article |
| → | Move to next article |
| Ctrl+/ | Jump to the search field |