Correct behaviour when the ip in ip_header is invalid?

[olback]

Hi 👋

The docs state for Request::client_ip that:

If the ip_header exists and contains a valid IP address, that address is returned. Otherwise, if the address of the remote connection is known, that address is returned. Otherwise, None is returned.

I'd argue that it makes more sense to return an error if the headers exists but contains an invalid IP address because if the proxy-server sends an invalid IP in this header, something has probably gone very wrong and the request should not be considered valid.

This table should hopefully illustrate what I mean:

exists \ valid	yes	no
yes	client_ip is read from the header	An error is returned (400?)
no	The connecting IP is returned

[SergioBenitez]

I don't think it's reasonable to, by default, reject the entire request when a single, nonstandard header contains unexpected input, especially if the header is ignored by the application and server otherwise. That being said, Rocket exposes all of the mechanisms necessary to implement the approach you're suggesting in a variety of ways. In particular, you could write a fairing that rejects all such requests, or a request guard that creates an IP extraction policy of your choosing based on real_ip() and remote().