From c115074d773cb135f8c647992e792b91ad3bb3d9 Mon Sep 17 00:00:00 2001
From: tsirolnik
Date: Tue, 30 Aug 2016 18:58:39 +0300
Subject: [PATCH] Use X-Forwarded-For before X-Real-Ip
Nginx uses X-Real-Ip with its IP instead of the client's IP. Therefore, we should use X-Forwarded-For *before* X-Real-Ip
---
 context.go | 11 ++++++-----
 1 file changed, 6 insertions(+), 5 deletions(-)
diff --git a/context.go b/context.go
index 01c7cb4f..d19e1ee9 100644
--- a/context.go
+++ b/context.go
@@ -349,13 +349,10 @@ func (c *Context) BindWith(obj interface{}, b binding.Binding) error {
 // ClientIP implements a best effort algorithm to return the real client IP, it parses
 // X-Real-IP and X-Forwarded-For in order to work properly with reverse-proxies such us: nginx or haproxy.
+// Use X-Forwarded-For before X-Real-Ip as nginx uses X-Real-Ip with the proxy's IP.
 func (c *Context) ClientIP() string {
 if c.engine.ForwardedByClientIP {
- clientIP := strings.TrimSpace(c.requestHeader("X-Real-Ip"))
- if len(clientIP) > 0 {
- return clientIP
- }
- clientIP = c.requestHeader("X-Forwarded-For")
+ clientIP := c.requestHeader("X-Forwarded-For")
 if index := strings.IndexByte(clientIP, ','); index >= 0 {
 clientIP = clientIP[0:index]
 }
@@ -363,6 +360,10 @@ func (c *Context) ClientIP() string {
 if len(clientIP) > 0 {
 return clientIP
 }
+ clientIP = strings.TrimSpace(c.requestHeader("X-Real-Ip"))
+ if len(clientIP) > 0 {
+ return clientIP
+ }
 }
 if c.engine.AppEngine {
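Review bot: Taking the first comma-separated element of X-Forwarded-For at `clientIP = clientIP[0:index]`, and now preferring it over X-Real-Ip, lets the requester-written part of the header win. Proxies normally append to whatever X-Forwarded-For the request already carried, so the leftmost entry is the caller's own text unless the edge proxy overwrites the header. Anything keyed on ClientIP() (rate limits, allow-lists, audit logs) then follows a value the requester picks. At minimum the doc comment should say so, e.g. `// Both headers are set by the requester unless a trusted proxy overwrites them; do not use the result for access control.`; honouring the headers only when the direct peer is a configured proxy would be sturdier, but no such setting is visible in this hunk. ClientIP's body continues outside the hunk.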
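Review bot: The X-Real-Ip fallback added in this hunk returns the header after only `strings.TrimSpace`, as the X-Forwarded-For branch before it does, so the returned string is never checked to be an IP address. Arbitrary header text can therefore reach log lines or string comparisons in callers of ClientIP(). Consider parsing before returning, e.g. `if ip := net.ParseIP(clientIP); ip != nil { return ip.String() }`, and falling through to the next source otherwise; this relies on the `net` package, whose import is not visible here. ClientIP's body starts and ends outside this hunk.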