Class EffectiveClientIpResolver
java.lang.Object
com.soklet.EffectiveClientIpResolver
Resolves a client's effective IP address from a request's socket peer and forwarded headers.
Forwarded headers can be spoofed if Soklet is reachable directly. Choose a EffectiveOriginResolver.TrustPolicy that matches your
deployment and, for EffectiveOriginResolver.TrustPolicy.TRUST_PROXY_ALLOWLIST, provide a trusted proxy predicate or allowlist.
If the remote address is missing or not trusted, forwarded headers are ignored and the socket peer is returned when available.
Extraction order is: trusted Forwarded for= values, trusted X-Forwarded-For values, then the socket peer.
Only IP literals are accepted from forwarded headers; hostnames, obfuscated identifiers, unknown, and malformed values are ignored.
- Author:
- Mark Allen
-
Method Summary
Modifier and TypeMethodDescriptionremoteAddress(@Nullable InetSocketAddress remoteAddress) The remote address of the client connection.resolve()Resolves the effective client IP address.trustedProxyAddresses(@NonNull Set<@NonNull InetAddress> trustedProxyAddresses) Allows specifying an IP allowlist for trusted proxies.trustedProxyPredicate(@Nullable Predicate<InetSocketAddress> trustedProxyPredicate) Predicate used whenEffectiveOriginResolver.TrustPolicy.TRUST_PROXY_ALLOWLISTis in effect.withHeaders(@NonNull Map<@NonNull String, @NonNull Set<@NonNull String>> headers, @NonNull EffectiveOriginResolver.TrustPolicy trustPolicy) Acquires a resolver seeded with raw request headers and a trust policy.withRequest(@NonNull Request request, @NonNull EffectiveOriginResolver.TrustPolicy trustPolicy) Acquires a resolver seeded with aRequestand a trust policy.
-
Method Details
-
withHeaders
public static @NonNull EffectiveClientIpResolver withHeaders(@NonNull Map<@NonNull String, @NonNull Set<@NonNull String>> headers, @NonNull EffectiveOriginResolver.TrustPolicy trustPolicy) Acquires a resolver seeded with raw request headers and a trust policy.- Parameters:
headers- HTTP request headerstrustPolicy- how forwarded headers should be trusted- Returns:
- the resolver
-
withRequest
public static @NonNull EffectiveClientIpResolver withRequest(@NonNull Request request, @NonNull EffectiveOriginResolver.TrustPolicy trustPolicy) Acquires a resolver seeded with aRequestand a trust policy.- Parameters:
request- the current requesttrustPolicy- how forwarded headers should be trusted- Returns:
- the resolver
-
resolve
Resolves the effective client IP address.- Returns:
- the effective client IP address, or
Optional.empty()if no client IP could be determined
-
remoteAddress
The remote address of the client connection.- Parameters:
remoteAddress- the remote address, ornullif unavailable- Returns:
- this resolver
-
trustedProxyPredicate
public @NonNull EffectiveClientIpResolver trustedProxyPredicate(@Nullable Predicate<InetSocketAddress> trustedProxyPredicate) Predicate used whenEffectiveOriginResolver.TrustPolicy.TRUST_PROXY_ALLOWLISTis in effect.- Parameters:
trustedProxyPredicate- predicate that returnstruefor trusted proxies- Returns:
- this resolver
-
trustedProxyAddresses
public @NonNull EffectiveClientIpResolver trustedProxyAddresses(@NonNull Set<@NonNull InetAddress> trustedProxyAddresses) Allows specifying an IP allowlist for trusted proxies.- Parameters:
trustedProxyAddresses- IP addresses of trusted proxies- Returns:
- this resolver
-