echo
echo copied to clipboard
labstack
[feature] Disable IP address detection
https://echo.labstack.com/guide/ip-address/
Our privacy policy forbids the use of customer IP address detection.
Any recommendation on how to disable the IPExtractor?
router.IPExtractor = nil
Or...
router.IPExtractor = func() echo.IPExtractor {
return func(req *http.Request) string {
req.RemoteAddr = ""
return ""
}
}()
Probably any variant that does not cause unexpected problems. I think setting it to nil should be OK. IPExtractor is only used where c.RealIP() is called so if you can avoid calling it - you are good to go.
By default, IPExtractor is nil — it is not set anywhere. And it is only accessed from https://github.com/labstack/echo/blob/6b09f3ffeb5085bf23a3e0749155752f574c331b/context.go#L283 and https://github.com/labstack/echo/blob/6b09f3ffeb5085bf23a3e0749155752f574c331b/middleware/proxy.go#L259
So unless you use RealIP or use the proxy middleware, you never call the IPExtractor.
Also the RemoteAddr is used in
https://github.com/labstack/echo/blob/6b09f3ffeb5085bf23a3e0749155752f574c331b/context.go#L301
and
https://github.com/labstack/echo/blob/6b09f3ffeb5085bf23a3e0749155752f574c331b/ip.go#L219
So unless you use RealIP or use the ExtractIPDirect, you never use the RemoteAddr.
The most guaranteed approach in your case is to write your own IPExtractor that returns an empty string (you can set it to nil, but just in case), and never use the things mentioned above.
