Skip to content

feat: add http.peer_ip to the root span#143

Open
zefr0x wants to merge 1 commit intoLukeMathWalker:mainfrom
zefr0x:main
Open

feat: add http.peer_ip to the root span#143
zefr0x wants to merge 1 commit intoLukeMathWalker:mainfrom
zefr0x:main

Conversation

@zefr0x
Copy link

@zefr0x zefr0x commented Aug 31, 2025
edited
Loading

realip_remote_addr can be spoofed without using proxy or not configuring it properly. peer_addr is considered more trustworthy for security-sensitive operations, which is the actual socket address of the client when not behind any proxy, and the proxy's address otherwise.

When we are using a trusted and properly configured proxy, peer_addr should return the proxy's address, and realip_remote_addr should return a trusted client address.

Read:
https://docs.rs/actix-web/4.11.0/actix_web/dev/struct.ConnectionInfo.html#security

@zefr0x
feat: add http.peer_ip to the root span
a32cde4 
`realip_remote_addr` can be spoofed without using proxy or not
configuring it properly. `peer_addr` is considered more trustworthy for
security-sensitive operations, which is the actual socket address of the
client when not behind any proxy, and the proxy's address otherwise.

When we are using a trusted and properly configured proxy, `peer_addr`
should return the proxy's address, and `realip_remote_addr` should return
a trusted client address.
@omid
Copy link
Contributor

omid commented Sep 10, 2025

@zefr0x read this: #106 (comment)

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@zefr0x @omid