[feature] Disable IP address detection

[ex-tag]

https://echo.labstack.com/guide/ip-address/

Our privacy policy forbids the use of customer IP address detection.
Any recommendation on how to disable the IPExtractor?

router.IPExtractor = nil

Or...

router.IPExtractor = func() echo.IPExtractor {
  return func(req *http.Request) string {
    req.RemoteAddr = ""
    return ""
  }
}()

[aldas]

Probably any variant that does not cause unexpected problems. I think setting it to nil should be OK. IPExtractor is only used where c.RealIP() is called so if you can avoid calling it - you are good to go.

[tomruk]

By default, IPExtractor is nil — it is not set anywhere. And it is only accessed from

echo/context.go

Line 283 in 6b09f3f

return c.echo.IPExtractor(c.request)

and

echo/middleware/proxy.go

Line 259 in 6b09f3f

if req.Header.Get(echo.HeaderXRealIP) == "" || c.Echo().IPExtractor != nil {

So unless you use RealIP or use the proxy middleware, you never call the IPExtractor.

Also the RemoteAddr is used in

echo/context.go

Line 301 in 6b09f3f

ra, _, _ := net.SplitHostPort(c.request.RemoteAddr)

and

echo/ip.go

Line 219 in 6b09f3f

ra, _, _ := net.SplitHostPort(req.RemoteAddr)

So unless you use RealIP or use the ExtractIPDirect, you never use the RemoteAddr.

The most guaranteed approach in your case is to write your own IPExtractor that returns an empty string (you can set it to nil, but just in case), and never use the things mentioned above.