72def get_real_ip(request: SXNG_Request) -> str:
73 """Returns real IP of the request. Since not all proxies set all the HTTP
74 headers and incoming headers can be faked it may happen that the IP cannot
75 be determined correctly.
76
77 .. sidebar:: :py:obj:`flask.Request.remote_addr`
78
79 SearXNG uses Werkzeug's ProxyFix_ (with it default ``x_for=1``).
80
81 This function tries to get the remote IP in the order listed below,
82 additional some tests are done and if inconsistencies or errors are
83 detected, they are logged.
84
85 The remote IP of the request is taken from (first match):
86
87 - X-Forwarded-For_ header
88 - `X-real-IP header <https://github.com/searxng/searxng/issues/1237#issuecomment-1147564516>`__
89 - :py:obj:`flask.Request.remote_addr`
90
91 .. _ProxyFix:
92 https://werkzeug.palletsprojects.com/middleware/proxy_fix/
93
94 .. _X-Forwarded-For:
95 https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Forwarded-For
96
97 """
98
99 forwarded_for = request.headers.get("X-Forwarded-For")
100 real_ip = request.headers.get('X-Real-IP')
101 remote_addr = request.remote_addr
102
103
104
105
106 if not forwarded_for:
107 _log_error_only_once("X-Forwarded-For header is not set!")
108 else:
109 from . import cfg
110
111 forwarded_for = [x.strip() for x in forwarded_for.split(',')]
112 x_for: int = cfg['real_ip.x_for']
113 forwarded_for = forwarded_for[-min(len(forwarded_for), x_for)]
114
115 if not real_ip:
116 _log_error_only_once("X-Real-IP header is not set!")
117
118 if forwarded_for and real_ip and forwarded_for != real_ip:
119 logger.warning("IP from X-Real-IP (%s) is not equal to IP from X-Forwarded-For (%s)", real_ip, forwarded_for)
120
121 if forwarded_for and remote_addr and forwarded_for != remote_addr:
122 logger.warning(
123 "IP from WSGI environment (%s) is not equal to IP from X-Forwarded-For (%s)", remote_addr, forwarded_for
124 )
125
126 if real_ip and remote_addr and real_ip != remote_addr:
127 logger.warning("IP from WSGI environment (%s) is not equal to IP from X-Real-IP (%s)", remote_addr, real_ip)
128
129 request_ip = ip_address(forwarded_for or real_ip or remote_addr or '0.0.0.0')
130 if request_ip.version == 6 and request_ip.ipv4_mapped:
131 request_ip = request_ip.ipv4_mapped
132
133
134 return str(request_ip)