A mod_geoip2 that properly handles X-Forwarded-For

This is just a short follow-up to my original post on Wrangling the X-Forwarded-For Header where I promised that one of the things I would follow up with was how to get MaxMind's mod_geoip2 to handle the X-Forwarded-For according to the rule:

Always use the leftmost non-private address.

Well, since it's turning out to be such a popular post I thought I'd better get it done to help anyone else out that's searching around for solutions. So, I've put up the code on my GitHub account here:


I'm maintaining a maxmind branch that contains the original code from MaxMind and the master contains my changes, so you can see a nice diff of what I've done.

I have to warn that I haven't done any serious C programming for more than 15 years or so, my code probably isn't fantastic, and I'm open to outside contributions from anyone with suggestions. The approach I've taken is to embed the regexes of my previous post into the module and walk through the IP addresses looking for a non-private match.

Since my initial release, based on MaxMind's 1.2.5, they've put out a 1.2.7 which includes the addition of a GeoIPUseLastXForwardedForIP flag. I can imagine what prompted this addition but as I said in my previous post this isn't the way to get the best IP address. As of writing, my current master branch is based on 1.2.7 and has this new flag but because the first_public_ip_in_list is done first it's mostly useless.

If anyone wants to hassle MaxMind on my behalf then feel free, I sent them an email a couple of months ago about this but received no answer.

Update 6-July-2012: A new release with some changes, details here.