如何在使用golang http包时限制客户端IP地址

至于包装你的多路复用器,它很简单：

apiServer := &http.Server{
    Addr:    "0.0.0.0:8080",Handler: http.HandlerFunc( func(w http.ResponseWriter,req *http.Request) {
        // get the real IP of the user,see below
        addr := getRealAddr(req)

       // the actual vaildation - replace with whatever you want
       if (addr != "1.2.3.4") {
            http.Error(w,"Blocked",401)
            return
        }
        // pass the request to the mux
        apiMux.ServeHTTP(w,req)
    }),}

我正在附加getRealAddr函数,该函数来自我做过类似事情的实际项目：

func getRealAddr(r *http.Request)  string {

    remoteIP := ""
    // the default is the originating ip. but we try to find better options because this is almost
    // never the right IP
    if parts := strings.Split(r.RemoteAddr,":"); len(parts) == 2 {
        remoteIP = parts[0]
    }
    // If we have a forwarded-for header,take the address from there
    if xff := strings.Trim(r.Header.Get("X-Forwarded-For"),","); len(xff) > 0 {
        addrs := strings.Split(xff,")
        lastFwd := addrs[len(addrs)-1]
        if ip := net.ParseIP(lastFwd); ip != nil {
            remoteIP = ip.String()
        }
    // parse X-Real-Ip header
    } else if xri := r.Header.Get("X-Real-Ip"); len(xri) > 0 {
        if ip := net.ParseIP(xri); ip != nil {
            remoteIP = ip.String()
        }
    }

    return remoteIP

}

至于过滤,它可以基于一组ips或CIDR范围,当然,这取决于你.

如果您有兴趣,上面的代码来自我编写的一个API构建工具包,名为Vertex,它内置了这个：https://github.com/EverythingMe/vertex