How do you get the RemoteAddr (remote IP address) when deployed on Google App Engine Standard in Go

Question

I want to obtain the client/browser IP address to rate limit unauthenticated clients in my Google App Engine Standard/Go web app.

In the deployed app r.RemoteAddr returns the empty string.

Enumerating through the request headers (r.Header [string][]string) provides only the following entries.

    Content-Length
    X-Appengine-Citylatlong
    X-Appengine-Region
    Upgrade-Insecure-Requests
    Accept-Language
    X-Cloud-Trace-Context
    X-Appengine-Country
    X-Appengine-City
    Host
    Cache-Control
    Origin
    Content-Type
    Referer
    User-Agent
    Accept

No IP addresses.

How do you obtain the client IP?

What does the `RemoteAddr` field have? Is it just a proxy or load balancer, or is it correlated with the client? — JimB, Jan 08 '18 at 19:23
Possible duplicate of https://stackoverflow.com/questions/17222021/google-app-engine-golang-how-to-get-users-ip-address — Charlie Tumahai, Jan 08 '18 at 19:29
RemoteAddr (when in App Engine) returns an empty string. Typically it has the IP address of the client, however, sometimes it gets the IP of the load balancer. To work around this, load balancers sometimes add an X-Forwarded-For header with the client's IP. The IP address of the client is obtained using system calls from the server the receives that receives the HTTP request. It's not passed from the client. — Philip Constantinou, Jan 09 '18 at 07:12
Also note this question does a good job of enumerating all the possible headers used to pass client IP's, none of which are set by App Engine. https://stackoverflow.com/questions/16558869/getting-ip-address-of-client — Philip Constantinou, Jan 09 '18 at 17:15

Philip Constantinou · Answer 1 · 2018-01-10T05:24:11.620

0

In Google App Engine r.RemoteAddr does in fact return the IP address (my bad). However despite other recommendations ip, _, err := net.SplitHostPort(r.RemoteAddr) actual returns the error:

address 2601:645:8101:7784:7112:5258:8ba3:c888: too many colons in address

and no IP address.

Do not use net.SplitHostPort and you'll get an IPv6 address.

I've logged an issue with Google.

edited Jan 10 '18 at 05:24

answered Jan 09 '18 at 22:50

Philip Constantinou

95
2
8

2

Note: that's a valid IPv6 address, you *might* want to take such addresses into acount as well for your purpose. – Dan Cornilescu Jan 10 '18 at 01:07

How do you get the RemoteAddr (remote IP address) when deployed on Google App Engine Standard in Go

1 Answers1