Remove headers set by a trusted proxy from outputs

Makefile

@@ -16,7 +16,7 @@ integration-test:
 .PHONY: install-tools
 install-tools:
 	@command golangci-lint > /dev/null 2>&1; if [ $$? -ne 0 ]; then \
-		curl -sSfL https://raw.githubusercontent.com/golangci/golangci-lint/master/install.sh | sh -s -- -b $(GOPATH)/bin v1.45.0; \
+		curl -sSfL https://raw.githubusercontent.com/golangci/golangci-lint/master/install.sh | sh -s -- -b $(GOPATH)/bin v1.45.2; \
 	fi
 
 	@command $(GOPATH)/shadow > /dev/null 2>&1; if [ $$? -ne 0 ]; then \

README.md

@@ -13,7 +13,7 @@
   - [Examples](#examples)
     - [Run a default TCP server](#run-a-default-tcp-server)
     - [Run a TLS (HTTP/2) server only](#run-a-tls-http2-server-only)
-    - [Run a default TCP server with a custom template and trust a custom header set by an upstream proxy](#run-a-default-tcp-server-with-a-custom-template-and-trust-a-custom-header-set-by-an-upstream-proxy)
+    - [Run a default TCP server with a custom template and trust a pair of custom headers set by an upstream proxy](#run-a-default-tcp-server-with-a-custom-template-and-trust-a-pair-of-custom-headers-set-by-an-upstream-proxy)
   - [Download](#download)
   - [Docker](#docker)
     - [Run a container locally using test databases](#run-a-container-locally-using-test-databases)
@@ -36,7 +36,7 @@ curl -6 ifconfig.es
 ## Features
 
 - TLS and HTTP/2.
-- Can run behind a proxy by trusting a custom header (usually `X-Real-IP`) to figure out the source IP address.
+- Can run behind a proxy by trusting a custom header (usually `X-Real-IP`) to figure out the source IP address. It also supports a custom header to resolve the client port, if the proxy can only add a header for the IP (for example a fixed header from CDNs) the client port is shown as unknown.
 - IPv4 and IPv6.
 - Geolocation info including ASN. This feature is possible thanks to [maxmind](https://dev.maxmind.com/geoip/geolite2-free-geolocation-data?lang=en) GeoLite2 databases. In order to use these databases, a license key is needed. Please visit Maxmind site for further instructions and get a free license.
 - High performance.
@@ -47,6 +47,7 @@ curl -6 ifconfig.es
 ## Endpoints
 
 - https://ifconfig.es/
+- https://ifconfig.es/client-port
 - https://ifconfig.es/json (this is the same as `curl -H "Accept: application/json" https://ifconfig.es/`)
 - https://ifconfig.es/geo
   - https://ifconfig.es/geo/city
@@ -72,9 +73,11 @@ Golang >= 1.17 is required. Previous versions may work.
 ## Usage
 
 ```text
-Usage of ./whatismyip:
+Usage of whatismyip:
   -bind string
         Listening address (see https://pkg.go.dev/net?#Listen) (default ":8080")
+  -enable-secure-headers
+        Add sane security-related headers to every response
   -geoip2-asn string
         Path to GeoIP2 ASN database
   -geoip2-city string
@@ -88,7 +91,9 @@ Usage of ./whatismyip:
   -tls-key string
         When using TLS, path to private key file
   -trusted-header string
-        Trusted request header for remote IP (e.g. X-Real-IP)
+        Trusted request header for remote IP (e.g. X-Real-IP). When using this feature if -trusted-port-header is not set the client port is shown as 'unknown'
+  -trusted-port-header string
+        Trusted request header for remote client port (e.g. X-Real-Port). When this parameter is set -trusted-header becomes mandatory
   -version
         Output version information and exit
 ```
@@ -108,11 +113,11 @@ Usage of ./whatismyip:
              -bind "" -tls-bind :8081 -tls-crt ./test/server.pem -tls-key ./test/server.key
 ```
 
-### Run a default TCP server with a custom template and trust a custom header set by an upstream proxy
+### Run a default TCP server with a custom template and trust a pair of custom headers set by an upstream proxy
 
 ```bash
 ./whatismyip -geoip2-city ./test/GeoIP2-City-Test.mmdb -geoip2-asn ./test/GeoLite2-ASN-Test.mmdb \
-             -trusted-header X-Real-IP -template mytemplate.tmpl
+             -trusted-header X-Real-IP -trusted-port-header X-Real-Port -template mytemplate.tmpl
 ```
 
 ## Download
@@ -121,7 +126,7 @@ Download latest version from https://github.com/dcarrillo/whatismyip/releases
 
 ## Docker
 
-An ultra-light (~9MB) image is available.
+An ultra-light (~10MB) image is available at [docker hub](https://hub.docker.com/r/dcarrillo/whatismyip).
 
 ### Run a container locally using test databases
 

internal/httputils/http.go

@@ -3,9 +3,11 @@ package httputils
 import (
 	"fmt"
 	"net/http"
+	"net/textproto"
 	"sort"
 	"strings"
 
+	"github.com/dcarrillo/whatismyip/internal/setting"
 	"github.com/gin-gonic/gin"
 )
 
@@ -32,6 +34,17 @@ func HeadersToSortedString(headers http.Header) string {
 	return output
 }
 
+// GetHeadersWithoutTrustedHeaders return a http.Heade object with the original headers except trusted headers
+func GetHeadersWithoutTrustedHeaders(ctx *gin.Context) http.Header {
+	h := ctx.Request.Header
+
+	for _, k := range []string{setting.App.TrustedHeader, setting.App.TrustedPortHeader} {
+		delete(h, textproto.CanonicalMIMEHeaderKey(k))
+	}
+
+	return h
+}
+
 // GetLogFormatter returns our custom log format
 func GetLogFormatter(param gin.LogFormatterParams) string {
 	return fmt.Sprintf("%s - [%s] \"%s %s %s\" %d %d %d %s \"%s\" \"%s\" \"%s\"\n",

internal/setting/app.go

@@ -27,6 +27,7 @@ type settings struct {
 	TLSCrtPath          string
 	TLSKeyPath          string
 	TrustedHeader       string
+	TrustedPortHeader   string
 	EnableSecureHeaders bool
 	Server              serverSettings
 	version             bool
@@ -69,10 +70,17 @@ func Setup(args []string) (output string, err error) {
 	)
 	flags.StringVar(&App.TLSCrtPath, "tls-crt", "", "When using TLS, path to certificate file")
 	flags.StringVar(&App.TLSKeyPath, "tls-key", "", "When using TLS, path to private key file")
-	flags.StringVar(&App.TrustedHeader,
+	flags.StringVar(
+		&App.TrustedHeader,
 		"trusted-header",
 		"",
-		"Trusted request header for remote IP (e.g. X-Real-IP)",
+		"Trusted request header for remote IP (e.g. X-Real-IP). When using this feature if -trusted-port-header is not set the client port is shown as 'unknown'",
+	)
+	flags.StringVar(
+		&App.TrustedPortHeader,
+		"trusted-port-header",
+		"",
+		"Trusted request header for remote client port (e.g. X-Real-Port). When this parameter is set -trusted-header becomes mandatory",
 	)
 	flags.BoolVar(&App.version, "version", false, "Output version information and exit")
 	flags.BoolVar(
@@ -91,21 +99,25 @@ func Setup(args []string) (output string, err error) {
 		return fmt.Sprintf("whatismyip version %s", core.Version), ErrVersion
 	}
 
+	if App.TrustedPortHeader != "" && App.TrustedHeader == "" {
+		return "", fmt.Errorf("truster-header is mandatory when truster-port-header is set\n")
+	}
+
 	if App.GeodbPath.City == "" || App.GeodbPath.ASN == "" {
-		return "", fmt.Errorf("geoip2-city and geoip2-asn parameters are mandatory")
+		return "", fmt.Errorf("geoip2-city and geoip2-asn parameters are mandatory\n")
 	}
 
 	if (App.TLSAddress != "") && (App.TLSCrtPath == "" || App.TLSKeyPath == "") {
-		return "", fmt.Errorf("In order to use TLS -tls-crt and -tls-key flags are mandatory")
+		return "", fmt.Errorf("In order to use TLS -tls-crt and -tls-key flags are mandatory\n")
 	}
 
 	if App.TemplatePath != "" {
 		info, err := os.Stat(App.TemplatePath)
 		if os.IsNotExist(err) {
-			return "", fmt.Errorf("%s no such file or directory", App.TemplatePath)
+			return "", fmt.Errorf("%s no such file or directory\n", App.TemplatePath)
 		}
 		if info.IsDir() {
-			return "", fmt.Errorf("%s must be a file", App.TemplatePath)
+			return "", fmt.Errorf("%s must be a file\n", App.TemplatePath)
 		}
 	}
 

internal/setting/app_test.go

@@ -8,51 +8,51 @@ import (
 	"time"
 
 	"github.com/stretchr/testify/assert"
+	"github.com/stretchr/testify/require"
 )
 
 func TestParseMandatoryFlags(t *testing.T) {
 	var mandatoryFlags = []struct {
 		args []string
-		conf settings
 	}{
 		{
 			[]string{},
-			settings{},
 		},
 		{
 			[]string{"-geoip2-city", "/city-path"},
-			settings{},
 		},
 		{
 			[]string{"-geoip2-asn", "/asn-path"},
-			settings{},
 		},
 		{
 			[]string{
 				"-geoip2-city", "/city-path", "-geoip2-asn", "/asn-path", "-tls-bind", ":9000",
 			},
-			settings{},
 		},
 		{
 			[]string{
 				"-geoip2-city", "/city-path", "-geoip2-asn", "/asn-path", "-tls-bind", ":9000",
 				"-tls-crt", "/crt-path",
 			},
-			settings{},
 		},
 		{
 			[]string{
 				"-geoip2-city", "/city-path", "-geoip2-asn", "/asn-path", "-tls-bind", ":9000",
 				"-tls-key", "/key-path",
 			},
-			settings{},
+		},
+		{
+			[]string{
+				"-geoip2-city", "/city-path", "-geoip2-asn", "/asn-path", "-bind", ":8000",
+				"-trusted-port-header", "port-header",
+			},
 		},
 	}
 
 	for _, tt := range mandatoryFlags {
 		t.Run(strings.Join(tt.args, " "), func(t *testing.T) {
 			_, err := Setup(tt.args)
-			assert.NotNil(t, err)
+			require.NotNil(t, err)
 			assert.Contains(t, err.Error(), "mandatory")
 		})
 	}
@@ -70,13 +70,7 @@ func TestParseFlags(t *testing.T) {
 					City: "/city-path",
 					ASN:  "/asn-path",
 				},
-				TemplatePath:        "",
+				BindAddress: ":8080",
-				BindAddress:         ":8080",
-				TLSAddress:          "",
-				TLSCrtPath:          "",
-				TLSKeyPath:          "",
-				TrustedHeader:       "",
-				EnableSecureHeaders: false,
 				Server: serverSettings{
 					ReadTimeout:  10 * time.Second,
 					WriteTimeout: 10 * time.Second,
@@ -90,13 +84,7 @@ func TestParseFlags(t *testing.T) {
 					City: "/city-path",
 					ASN:  "/asn-path",
 				},
-				TemplatePath:        "",
+				BindAddress: ":8001",
-				BindAddress:         ":8001",
-				TLSAddress:          "",
-				TLSCrtPath:          "",
-				TLSKeyPath:          "",
-				TrustedHeader:       "",
-				EnableSecureHeaders: false,
 				Server: serverSettings{
 					ReadTimeout:  10 * time.Second,
 					WriteTimeout: 10 * time.Second,
@@ -113,13 +101,29 @@ func TestParseFlags(t *testing.T) {
 					City: "/city-path",
 					ASN:  "/asn-path",
 				},
-				TemplatePath:        "",
+				BindAddress: ":8080",
-				BindAddress:         ":8080",
+				TLSAddress:  ":9000",
-				TLSAddress:          ":9000",
+				TLSCrtPath:  "/crt-path",
-				TLSCrtPath:          "/crt-path",
+				TLSKeyPath:  "/key-path",
-				TLSKeyPath:          "/key-path",
+				Server: serverSettings{
-				TrustedHeader:       "",
+					ReadTimeout:  10 * time.Second,
-				EnableSecureHeaders: false,
+					WriteTimeout: 10 * time.Second,
+				},
+			},
+		},
+		{
+			[]string{
+				"-geoip2-city", "/city-path", "-geoip2-asn", "/asn-path",
+				"-trusted-header", "header", "-trusted-port-header", "port-header",
+			},
+			settings{
+				GeodbPath: geodbPath{
+					City: "/city-path",
+					ASN:  "/asn-path",
+				},
+				BindAddress:       ":8080",
+				TrustedHeader:     "header",
+				TrustedPortHeader: "port-header",
 				Server: serverSettings{
 					ReadTimeout:  10 * time.Second,
 					WriteTimeout: 10 * time.Second,
@@ -136,11 +140,7 @@ func TestParseFlags(t *testing.T) {
 					City: "/city-path",
 					ASN:  "/asn-path",
 				},
-				TemplatePath:        "",
 				BindAddress:         ":8080",
-				TLSAddress:          "",
-				TLSCrtPath:          "",
-				TLSKeyPath:          "",
 				TrustedHeader:       "header",
 				EnableSecureHeaders: true,
 				Server: serverSettings{
@@ -154,7 +154,7 @@ func TestParseFlags(t *testing.T) {
 	for _, tt := range flags {
 		t.Run(strings.Join(tt.args, " "), func(t *testing.T) {
 			_, err := Setup(tt.args)
-			assert.Nil(t, err)
+			require.Nil(t, err)
 			assert.True(t, reflect.DeepEqual(App, tt.conf))
 		})
 	}
@@ -192,6 +192,6 @@ func TestParseFlagTemplate(t *testing.T) {
 		"-template", "/",
 	}
 	_, err = Setup(flags)
-	assert.Error(t, err)
+	require.Error(t, err)
 	assert.Contains(t, err.Error(), "must be a file")
 }

router/generic.go

@@ -44,15 +44,31 @@ func getRoot(ctx *gin.Context) {
 	}
 }
 
+func getClientPort(ctx *gin.Context) string {
+	var port string
+	if setting.App.TrustedPortHeader == "" {
+		if setting.App.TrustedHeader != "" {
+			port = "unknown"
+		} else {
+			_, port, _ = net.SplitHostPort(ctx.Request.RemoteAddr)
+		}
+	} else {
+		port = ctx.GetHeader(setting.App.TrustedPortHeader)
+		if port == "" {
+			port = "unknown"
+		}
+	}
+
+	return port
+}
+
 func getClientPortAsString(ctx *gin.Context) {
-	_, port, _ := net.SplitHostPort(ctx.Request.RemoteAddr)
+	ctx.String(http.StatusOK, getClientPort(ctx)+"\n")
-	ctx.String(http.StatusOK, port+"\n")
 }
 
 func getAllAsString(ctx *gin.Context) {
 	output := "IP: " + ctx.ClientIP() + "\n"
-	_, port, _ := net.SplitHostPort(ctx.Request.RemoteAddr)
+	output += "Client Port: " + getClientPort(ctx) + "\n"
-	output += "Client Port: " + port + "\n"
 
 	r := service.Geo{IP: net.ParseIP(ctx.ClientIP())}
 	if record := r.LookUpCity(); record != nil {
@@ -63,8 +79,8 @@ func getAllAsString(ctx *gin.Context) {
 		output += geoASNRecordToString(record) + "\n"
 	}
 
-	h := ctx.Request.Header
+	h := httputils.GetHeadersWithoutTrustedHeaders(ctx)
-	h["Host"] = []string{ctx.Request.Host}
+	h.Set("Host", ctx.Request.Host)
 	output += httputils.HeadersToSortedString(h)
 
 	ctx.String(http.StatusOK, output)
@@ -83,11 +99,10 @@ func jsonOutput(ctx *gin.Context) JSONResponse {
 		version = 6
 	}
 
-	_, port, _ := net.SplitHostPort(ctx.Request.RemoteAddr)
 	return JSONResponse{
 		IP:              ctx.ClientIP(),
 		IPVersion:       version,
-		ClientPort:      port,
+		ClientPort:      getClientPort(ctx),
 		Country:         cityRecord.Country.Names["en"],
 		CountryCode:     cityRecord.Country.ISOCode,
 		City:            cityRecord.City.Names["en"],
@@ -98,6 +113,6 @@ func jsonOutput(ctx *gin.Context) JSONResponse {
 		ASN:             asnRecord.AutonomousSystemNumber,
 		ASNOrganization: asnRecord.AutonomousSystemOrganization,
 		Host:            ctx.Request.Host,
-		Headers:         ctx.Request.Header,
+		Headers:         httputils.GetHeadersWithoutTrustedHeaders(ctx),
 	}
 }

router/generic_test.go

@@ -6,6 +6,7 @@ import (
 	"net/http/httptest"
 	"testing"
 
+	"github.com/dcarrillo/whatismyip/internal/setting"
 	"github.com/stretchr/testify/assert"
 )
 
@@ -97,16 +98,75 @@ func TestHost(t *testing.T) {
 }
 
 func TestClientPort(t *testing.T) {
-	req, _ := http.NewRequest("GET", "/client-port", nil)
+	type args struct {
-	req.RemoteAddr = net.JoinHostPort(testIP.ipv4, "1000")
+		params  []string
-	req.Header.Set(trustedHeader, testIP.ipv4)
+		headers map[string][]string
+	}
+	tests := []struct {
+		name     string
+		args     args
+		expected string
+	}{
+		{
+			name:     "No trusted headers set",
+			expected: "1000\n",
+		},
+		{
+			name: "Trusted header only set",
+			args: args{
+				params: []string{
+					"-geoip2-city", "city",
+					"-geoip2-asn", "asn",
+					"-trusted-header", trustedHeader,
+				},
+			},
+			expected: "unknown\n",
+		},
+		{
+			name: "Trusted and port header set but not included in headers",
+			args: args{
+				params: []string{
+					"-geoip2-city", "city",
+					"-geoip2-asn", "asn",
+					"-trusted-header", trustedHeader,
+					"-trusted-port-header", trustedPortHeader,
+				},
+			},
+			expected: "unknown\n",
+		},
+		{
+			name: "Trusted and port header set and included in headers",
+			args: args{
+				params: []string{
+					"-geoip2-city", "city",
+					"-geoip2-asn", "asn",
+					"-trusted-header", trustedHeader,
+					"-trusted-port-header", trustedPortHeader,
+				},
+				headers: map[string][]string{
+					trustedHeader:     {testIP.ipv4},
+					trustedPortHeader: {"1001"},
+				},
+			},
+			expected: "1001\n",
+		},
+	}
 
-	w := httptest.NewRecorder()
+	for _, tt := range tests {
-	app.ServeHTTP(w, req)
+		_, _ = setting.Setup(tt.args.params)
+		t.Run(tt.name, func(t *testing.T) {
+			req, _ := http.NewRequest("GET", "/client-port", nil)
+			req.RemoteAddr = net.JoinHostPort(testIP.ipv4, "1000")
+			req.Header = tt.args.headers
 
-	assert.Equal(t, 200, w.Code)
+			w := httptest.NewRecorder()
-	assert.Equal(t, contentType.text, w.Header().Get("Content-Type"))
+			app.ServeHTTP(w, req)
-	assert.Equal(t, "1000\n", w.Body.String())
+
+			assert.Equal(t, 200, w.Code)
+			assert.Equal(t, contentType.text, w.Header().Get("Content-Type"))
+			assert.Equal(t, tt.expected, w.Body.String())
+		})
+	}
 }
 
 func TestNotFound(t *testing.T) {
@@ -120,6 +180,15 @@ func TestNotFound(t *testing.T) {
 }
 
 func TestJSON(t *testing.T) {
+	_, _ = setting.Setup(
+		[]string{
+			"-geoip2-city", "city",
+			"-geoip2-asn", "asn",
+			"-trusted-header", trustedHeader,
+			"-trusted-port-header", trustedPortHeader,
+		},
+	)
+
 	type args struct {
 		ip string
 	}
@@ -149,6 +218,7 @@ func TestJSON(t *testing.T) {
 			req.RemoteAddr = net.JoinHostPort(tt.args.ip, "1000")
 			req.Host = "test"
 			req.Header.Set(trustedHeader, tt.args.ip)
+			req.Header.Set(trustedPortHeader, "1001")
 
 			w := httptest.NewRecorder()
 			app.ServeHTTP(w, req)
@@ -162,7 +232,7 @@ func TestJSON(t *testing.T) {
 
 func TestAll(t *testing.T) {
 	expected := `IP: 81.2.69.192
-Client Port: 1000
+Client Port: 1001
 City: London
 Country: United Kingdom
 Country Code: GB
@@ -176,13 +246,21 @@ ASN Organization:
 
 Header1: one
 Host: test
-X-Real-Ip: 81.2.69.192
 `
+	_, _ = setting.Setup(
+		[]string{
+			"-geoip2-city", "city",
+			"-geoip2-asn", "asn",
+			"-trusted-header", trustedHeader,
+			"-trusted-port-header", trustedPortHeader,
+		},
+	)
 
 	req, _ := http.NewRequest("GET", "/all", nil)
 	req.RemoteAddr = net.JoinHostPort(testIP.ipv4, "1000")
 	req.Host = "test"
 	req.Header.Set(trustedHeader, testIP.ipv4)
+	req.Header.Set(trustedPortHeader, "1001")
 	req.Header.Set("Header1", "one")
 
 	w := httptest.NewRecorder()

router/headers.go

@@ -10,15 +10,17 @@ import (
 )
 
 func getHeadersAsSortedString(ctx *gin.Context) {
-	h := ctx.Request.Header
+	h := httputils.GetHeadersWithoutTrustedHeaders(ctx)
-	h["Host"] = []string{ctx.Request.Host}
+	h.Set("Host", ctx.Request.Host)
 
 	ctx.String(http.StatusOK, httputils.HeadersToSortedString(h))
 }
 
 func getHeaderAsString(ctx *gin.Context) {
+	headers := httputils.GetHeadersWithoutTrustedHeaders(ctx)
+
 	h := ctx.Params.ByName("header")
-	if v := ctx.GetHeader(h); v != "" {
+	if v := headers.Get(ctx.Params.ByName("header")); v != "" {
 		ctx.String(http.StatusOK, template.HTMLEscapeString(v))
 	} else if strings.ToLower(h) == "host" {
 		ctx.String(http.StatusOK, template.HTMLEscapeString(ctx.Request.Host))

router/headers_test.go

@@ -5,6 +5,7 @@ import (
 	"net/http/httptest"
 	"testing"
 
+	"github.com/dcarrillo/whatismyip/internal/setting"
 	"github.com/stretchr/testify/assert"
 )
 
@@ -26,13 +27,20 @@ Header2: value22
 Header3: value3
 Host: 
 `
-
+	_, _ = setting.Setup([]string{
+		"-geoip2-city", "city",
+		"-geoip2-asn", "asn",
+		"-trusted-header", trustedHeader,
+		"-trusted-port-header", trustedPortHeader,
+	})
 	req, _ := http.NewRequest("GET", "/headers", nil)
 	req.Header = map[string][]string{
 		"Header1": {"value1"},
 		"Header2": {"value21", "value22"},
 		"Header3": {"value3"},
 	}
+	req.Header.Set(trustedHeader, "1.1.1.1")
+	req.Header.Set(trustedPortHeader, "1025")
 
 	w := httptest.NewRecorder()
 	app.ServeHTTP(w, req)

router/setup_test.go

@@ -34,11 +34,12 @@ var (
 		text: "text/plain; charset=utf-8",
 		json: "application/json; charset=utf-8",
 	}
-	jsonIPv4 = `{"client_port":"1000","ip":"81.2.69.192","ip_version":4,"country":"United Kingdom","country_code":"GB","city":"London","latitude":51.5142,"longitude":-0.0931,"postal_code":"","time_zone":"Europe/London","asn":0,"asn_organization":"","host":"test","headers":{"X-Real-Ip":["81.2.69.192"]}}`
+	jsonIPv4 = `{"client_port":"1001","ip":"81.2.69.192","ip_version":4,"country":"United Kingdom","country_code":"GB","city":"London","latitude":51.5142,"longitude":-0.0931,"postal_code":"","time_zone":"Europe/London","asn":0,"asn_organization":"","host":"test", "headers": {}}`
-	jsonIPv6 = `{"asn":3352, "asn_organization":"TELEFONICA DE ESPANA", "city":"", "client_port":"1000", "country":"", "country_code":"", "headers":{"X-Real-Ip":["2a02:9000::1"]}, "host":"test", "ip":"2a02:9000::1", "ip_version":6, "latitude":0, "longitude":0, "postal_code":"", "time_zone":""}`
+	jsonIPv6 = `{"asn":3352, "asn_organization":"TELEFONICA DE ESPANA", "city":"", "client_port":"1001", "country":"", "country_code":"", "host":"test", "ip":"2a02:9000::1", "ip_version":6, "latitude":0, "longitude":0, "postal_code":"", "time_zone":"", "headers": {}}`
 )
 
 const trustedHeader = "X-Real-IP"
+const trustedPortHeader = "X-Real-Port"
 
 func TestMain(m *testing.M) {
 	app = gin.Default()