Why we need UA check on /ip and other CLI methods? Having it for / is nice feature, but for specific endpoints it's pretty much useless. Everyone who's not on a list will mimic curl. Anyhow 100% would pass, why to bother?

Hello,
I see a dark mode has been added to index.html but I can't for the life of me figure out how to enable it.
Thanks

https://dev.maxmind.com/geoip/legacy/geolite/

indicates that you need to switch to geolite2:

We will be discontinuing updates to the GeoLite Legacy databases as of April 1, 2018. You will still be able
to download the April 2018 release until January 2, 2019. GeoLite Legacy users will need to update their
integrations in order to switch to the free GeoLite2 or commercial GeoIP databases by April 2018.

I'm not doing this to incite anything however I looked through the code(Go is not a language I'm familiar with overly much) but I did not see where the 429 was coming from. Is this being handled in a forward facing proxy?

As described in new "RFC 7239" header "X-Forwarded-For" must be changed to "for" value of the "Forwarded" header for providing information about clients behind the proxy.
More details: http://evertpot.com/http-11-updated/

It doesn't display my IPv6 address :-(

Mebus

I noticed that curl has started to fail with following error

# curl https://ifconfig.co
curl: (60) SSL certificate problem: unable to get local issuer certificate
More details here: http://curl.haxx.se/docs/sslcerts.html

curl performs SSL certificate verification by default, using a "bundle"
 of Certificate Authority (CA) public keys (CA certs). If the default
 bundle file isn't adequate, you can specify an alternate file
 using the --cacert option.
If this HTTPS server uses a certificate signed by a CA represented in
 the bundle, the certificate verification probably failed due to a
 problem with the certificate (it might be expired, or the name might
 not match the domain name in the URL).
If you'd like to turn off curl's verification of the certificate, use
 the -k (or --insecure) option.

Looking at the certificate response with

 # openssl s_client -connect ifconfig.co:443 -tls1 -tlsextdebug -status 

I see

Certificate chain
 0 s:/CN=atbapi.tar.io
   i:/C=US/O=Let's Encrypt/CN=Let's Encrypt Authority X3
 1 s:/C=US/O=Let's Encrypt/CN=Let's Encrypt Authority X1
   i:/O=Digital Signature Trust Co./CN=DST Root CA X3

Other sites with lets encrypt certs work just fine. So... Wrong certificate?

Hi!

Thank you for the service!

I'm writing you to notify, that it's currently down for me (Latvia) and may be down for others too.

Thank you for your work!

or maybe i dont have ipv6 support TT

Hello,

Would it be possible to expand the README.md, in regards to how implementation is done? More precisely; lets say you use apache or nginx, does all the files and folders need to be /var/www/ ? or what is the minimum need, in order to make it work?

Currently, a request to GET / can either give you just your IP address as simple text, or a fancy HTML page - and this decision is exclusively made based on whether your user agent is one of the few recognised by the server as being not-a-browser.

I believe it would be more correct, and more flexible, to support the Accept header when making this decision. In particular, if you only Accept: text/plain, then you should naturally get the plain-text response rather than the fancy HTML. In other words, I would expect the following behaviour. (I've omitted all headers that aren't relevant to this issue. 😉 )

GET / HTTP/1.1
Accept: */*
User-Agent: something unrecognised

HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8

<!-- full fancy html page here -->

GET / HTTP/1.1
Accept: text/plain
User-Agent: something unrecognised

HTTP/1.1 200 OK
Content-Type: text/plain; charset=utf-8

127.0.0.1

This behaviour is also consistent with the existing support for the Accept header, which allows you to retrieve the JSON response from GET / by indicating that you will only Accept: application/json.

The existing system which sniffs your user agent would remain in place - although it would make sense to override the user agent and give the HTML page to Curl and friends too, if they send Accept: text/html rather than the default Accept: */*.

Is it possible to add GeoIP lookup?
For example users may want to know from what country their Tor end-point.
For saving current response time there is no need to put it on the main page, but as 'ifconfig.co/geo' it would be nice to see this future.

Need example with https://github.com/astaxie/bat 🦇

$ bat -print=b ifconfig.co/ip

127.0.0.1

$

Chain issues Incorrect order, Extra certs, Contains anchor
Common names tar.io MISMATCH
Alternative names atbapi.tar.io git.tar.io tar.io
Trusted No NOT TRUSTED

SSLlabs SSL Report: v6.ifconfig.co (2001:16d8:ee03:0:0:0:cafe:d00d)

$ curl -vvk https://v6.ifconfig.co
* STATE: INIT => CONNECT handle 0x600057790; line 1402 (connection #-5000)
* Rebuilt URL to: https://v6.ifconfig.co/
* Added connection 0. The cache now contains 1 members
*   Trying 2001:16d8:ee03::cafe:d00d...
* STATE: CONNECT => WAITCONNECT handle 0x600057790; line 1455 (connection #0)
* Connected to v6.ifconfig.co (2001:16d8:ee03::cafe:d00d) port 443 (#0)
* STATE: WAITCONNECT => SENDPROTOCONNECT handle 0x600057790; line 1562 (connection #0)
* ALPN, offering h2
* ALPN, offering http/1.1

   "status": 404,
   "message": "route not found"
 * STATE: PERFORM => DONE handle 0x600057790; line 1955 (connection #0)
 * multi_done
 * Connection #0 to host v6.ifconfig.co left intact

How to install it on my linux server? This is my site ip.accchina.pw but it has a lot of questions, do you know how to fix it?

Hi,
we are in 2017, maybe IPv6 could be enabled ?
kind regards

like http://ipv4.icanhazip.com/ or http://v4.ident.me/
this is helpful when you need to get the ip of a proxy that you don't control. so if i talk ipv4 to the proxy, but the proxy talks ipv6 to ifconfig.co, i'll only get back ipv6 results.

I think wget examples should be shown as:

$ wget -qO- ifconfig.co/ip
11.22.33.44

There are some flavors of wget, such as the builtin one in busybox, which will display the whole HTML page when the short form ifconfig.co is given. Using the /ip form appears to work fine for both GNU and busybox wget flavors.

When I do

$ curl ifconfig.co
217.110.88.76

yet when I do:

$ http -vvv ifconfig.co
GET / HTTP/1.1
Accept: */*
Accept-Encoding: gzip, deflate, compress
Host: ifconfig.co
User-Agent: HTTPie/0.8.0



HTTP/1.1 200 OK
Connection: keep-alive
Content-Encoding: gzip
Content-Type: text/html; charset=utf-8
Date: Wed, 16 Mar 2016 16:30:01 GMT
Server: nginx
Strict-Transport-Security: max-age=31536000; includeSubdomains; preload
Transfer-Encoding: chunked
Vary: Accept-Encoding

<!DOCTYPE html>
<html lang="en">
  <head>
    <meta charset="utf-8">
    <title>What is my IP address? &mdash; ifconfig.co</title>
    <meta name="viewport" content="width=device-width, initial-scale=1.0">
    <meta name="description" content="What is my IP address?">
    <link href="//fonts.googleapis.com/css?family=Oswald" rel="stylesheet">
    <link rel="stylesheet" href="//cdnjs.cloudflare.com/ajax/libs/pure/0.6.0/pure-min.css">
    <style>
      body {
        font-family: "Oswald", sans-serif;
        font-size: 12px;
      }
      .response {
        font-family: "Monaco", "Menlo", "Consolas", "Courier New", monospace;
      }
      .content {
        margin-left: auto;
        margin-right: auto;
        max-width: 1024px;
      }
      #wrapper {
        margin-bottom: 10px;
        text-align: center;
      }
      .ip {
        border: 1px solid #cbcbcb;
        background: #f2f2f2;
        font-size: 36px;
      }
    </style>
  </head>
  <body>
    <div class="content">
      <div id="wrapper">
        <h1>What is my IP address?</h1>
        <h2>Your IP:</h2>
        <p><code class="ip">217.110.88.76</code></p>
        <a href="?cmd=curl" class="pure-button pure-button-active pure-button-primary">curl</a>
        <a href="?cmd=wget" class="pure-button">wget</a>
        <a href="?cmd=fetch" class="pure-button">fetch</a>
      </div>
      <table class="pure-table pure-table-bordered pure-table-striped">
        <thead>
          <tr>
            <th style="width: 350px">Command</th>
            <th>Response</th>
          </tr>
        </thead>
        <tbody>
          <tr>
            <td><code><span class="command">curl </span> ifconfig.co</code></td>
            <td class="response">217.110.88.76</td>
          </tr>


          <tr>
            <td><code><span class="command">curl </span> ifconfig.co/accept</code></td>
            <td class="response">*/*</td>
          </tr>

          <tr>
            <td><code><span class="command">curl </span> ifconfig.co/accept-encoding</code></td>
            <td class="response">gzip, deflate, compress</td>
          </tr>

          <tr>
            <td><code><span class="command">curl </span> ifconfig.co/user-agent</code></td>
            <td class="response">HTTPie/0.8.0</td>
          </tr>

          <tr>
            <td><code><span class="command">curl </span> ifconfig.co/x-ifconfig-country</code></td>
            <td class="response">Germany</td>
          </tr>

          <tr>
            <td><code><span class="command">curl </span> ifconfig.co/x-ifconfig-ip</code></td>
            <td class="response">217.110.88.76</td>
          </tr>

          <tr>
            <td><code><span class="command">curl </span> ifconfig.co/x-real-ip</code></td>
            <td class="response">217.110.88.76</td>
          </tr>


          <td><code><span class="command">curl </span> ifconfig.co/all.json</code></td>
          <td><pre class="response">{
  &#34;Accept&#34;: [
    &#34;*/*&#34;
  ],
  &#34;Accept-Encoding&#34;: [
    &#34;gzip, deflate, compress&#34;
  ],
  &#34;User-Agent&#34;: [
    &#34;HTTPie/0.8.0&#34;
  ],
  &#34;X-Ifconfig-Country&#34;: [
    &#34;Germany&#34;
  ],
  &#34;X-Ifconfig-Ip&#34;: [
    &#34;217.110.88.76&#34;
  ],
  &#34;X-Real-Ip&#34;: [
    &#34;217.110.88.76&#34;
  ]
}</pre></td>
        </tbody>
      </table>
    </div>
    <a href="https://github.com/martinp/ifconfigd"><img style="position: absolute; top: 0; right: 0; border: 0;" src="https://s3.amazonaws.com/github/ribbons/forkme_right_red_aa0000.png" alt="Fork me on GitHub"></a>
  </body>
</html>

Could you please support httpie?

Example:

$ curl -H 'Accept: application/json' -6 ifconfig.co | jq
{
  "ip": "2604:a880:2:[...]",
  "ip_decimal": 5.053485061328158e+37,
  "country": "United States",
  "country_eu": false,
  "country_iso": "US",
  "city": "Santa Clara",
  "latitude": 37.3417,
  "longitude": -121.9753,
  "asn": "AS14061",
  "asn_org": "DIGITALOCEAN-ASN",
  "user_agent": {
    "product": "curl",
    "version": "7.58.0",
    "raw_value": "curl/7.58.0"
  }
}

First time I've seen an IP address represented in floating-point notation before. I mean, by some definition of "decimal" it kinda is a decimal number. But uh...

Hi Martin,
I 'd like to use this app behind web server like apache or nginx, but if I do so (with mod_proxy for apache or proxy_pass for nginx) I see IP address of server itself and not of client. ifconfig.co runs behind nginx, right? so its possible I assume, but how? Thanks for your help.

Doing a normal Apache Virtual Host returns "127.0.0.1" Im assuming the IP you use must be dedicated and echoip be ran on port 80?

Among other things, the [ifconfig.co][http://ifconfig.co/] page shows commands for getting the values of X-Real-IP and X-Ifconfig-IP, but it doesn't indicate what the difference between them is, if any. Is there a difference between these two values? If so, what is it?

Ran maybe 2-3 requests on https://ifconfig.co/ and now get 429 Too Many Requests. Even from curl:

chip@chip:~$ curl ifconfig.co
429 Too Many Requests

Hi,

Looking at #21 (comment) it looks like these headers were present already:

Access-Control-Allow-Methods: GET
Access-Control-Allow-Origin: *

I'd like to call https://ifconfig.co/json using ajax. Can you add CORS support?

The requestFilter adds information to each request through custom headers. This behaviour should be tested.

To make it testable, ipFromRequest, lookupCountry and LookupAddr need to be injectable.

Thank you for this excellent service! What about adding whois info the discovered IP address? The use case is to create a AWS security groups dynamically based on where you're at. The CIDR field is what's needed ultimately.

Due to upcoming data privacy regulations, MaxMind are making significant changes to how users access free MaxMind GeoLite2 databases starting December 30, 2019. The databases will continue to be available without charge and for redistribution. However, you will be required to create an account and use a license key to download the databases, and agree to a new EULA that addresses applicable data privacy regulations.

Learn more on the MaxMind blog: https://blog.maxmind.com/2019/12/18/significant-changes-to-accessing-and-using-geolite2-databases/.

Mark Fowler
MaxMind

Please disable tor blocking

Hey, not sure if this is the right place to report this but the main website (ifconfig.co) is showing the CloudFlare captcha page for all requests, this might be breaking scripts that make use of the /ip endpoint.

If this is intentional please disregard this issue.

I'd like to request the country ISO code to be included in the json response, not only the english name of the country, if possible. I assume you actually get the ISO code from your database but then translate it to the english name with a lookup... If not, I guess this request isn't valid.

The reason for this is that a country is uniquely identified with an ISO code, and that's the system that's used in lookups like country-to-flag services. An ISO code is much easier and safer for an API consumer to work with than a localized name.

{
	"ip": "foo",
	"ip_decimal": 0,
	"country": "Belgium",
	"isoCountry": "BE",
	"city": "Unknown",
	"hostname": "isp.internet"
}

Some months back I had been using ipd to test security proxy functionality and ensure appropriate headers/cookies are making it to app backends. It does not look like this is supported any longer. Any chance this feature will make a comeback?

probably a vhost alias issue?

navigating to https://v4.ifconfig.co returns exact same content as https://v6.ifconfig.co

I added the ico file inside the tag and it doesn't work

I found this service a while ago, I've been using it to get my external IP so I can update my dynamic DNS configuration (with a cron job that runs hourly). But trying to get the site using curl gives me Cloudflare's "captcha" page.

I don't think I'm hitting the rate-limit - am I?

It's a bit useless if Cloudflare is preventing people with curl from using the service, as the first example is actually curl...

Right now curl ifconfig.co is returning HTML with CAPTCHA instead of IP addres

<head>
<title>Attention Required! | Cloudflare</title>
<meta name="captcha-bypass" id="captcha-bypass" />
<meta charset="UTF-8" />
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />
<meta http-equiv="X-UA-Compatible" content="IE=Edge,chrome=1" />
<meta name="robots" content="noindex, nofollow" />
<meta name="viewport" content="width=device-width,initial-scale=1,maximum-scale=1" />
<link rel="stylesheet" id="cf_styles-css" href="/cdn-cgi/styles/cf.errors.css" type="text/css" media="screen,projection" />
<!--[if lt IE 9]><link rel="stylesheet" id='cf_styles-ie-css' href="/cdn-cgi/styles/cf.errors.ie.css" type="text/css" media="screen,projection" /><![endif]-->
<style type="text/css">body{margin:0;padding:0}</style>


<!--[if gte IE 10]><!--><script type="text/javascript" src="/cdn-cgi/scripts/zepto.min.js"></script><!--<![endif]-->
<!--[if gte IE 10]><!--><script type="text/javascript" src="/cdn-cgi/scripts/cf.common.js"></script><!--<![endif]-->




</head>
<body>
  <div id="cf-wrapper">
    <div class="cf-alert cf-alert-error cf-cookie-error" id="cookie-alert" data-translate="enable_cookies">Please enable cookies.</div>
    <div id="cf-error-details" class="cf-error-details-wrapper">
      <div class="cf-wrapper cf-header cf-error-overview">
        <h1 data-translate="challenge_headline">One more step</h1>
        <h2 class="cf-subheadline"><span data-translate="complete_sec_check">Please complete the security check to access</span> ifconfig.co</h2>
      </div><!-- /.header -->
      
      <div class="cf-section cf-highlight cf-captcha-container">

Obviously other commands are not working too, retuning HTML instead od IP address, I believe it's some sort of misconfiguration but I might be wrong.

Would it be possible to add the ddclient user-agent to the code?

It sends this for the user-agent ddclient/X.X.X where X.X.X is the version of ddclient.
ddclient, however, appears to properly parse through the html and get the proper IP address. I figured it would save bandwidth if the IP was given directly without any surrounding html. Much like the response to curl ifconfig.co is.

hi！I built it on my server. after making, the access is abnormal

Probably cert is invalid

curl  https://v6.ifconfig.co
curl: (60) SSL certificate problem: Invalid certificate chain
More details here: https://curl.haxx.se/docs/sslcerts.html

curl performs SSL certificate verification by default, using a "bundle"
 of Certificate Authority (CA) public keys (CA certs). If the default
 bundle file isn't adequate, you can specify an alternate file
 using the --cacert option.
If this HTTPS server uses a certificate signed by a CA represented in
 the bundle, the certificate verification probably failed due to a
 problem with the certificate (it might be expired, or the name might
 not match the domain name in the URL).
If you'd like to turn off curl's verification of the certificate, use
 the -k (or --insecure) option.

In the browser i see:

v6.ifconfig.co uses an invalid security certificate. 
The certificate is only valid for the following names: ifconfig.co, v4.ifconfig.co 

So it looks like new alt name needs to be added

Has anyone had any success running echoip on dokku?

Here's where I stand:

1. Add new dokku app
2. Push echoip repo using dockerfiles deployment
3. Set --trusted-header=X-Forwarded-For for run
4. Configured letsencrypt

=====> domain.org docker options information
       Docker options build:                                   
       Docker options deploy:      --restart=on-failure:10  
       Docker options run:         --trusted-header=X-Forwarded-For 

I can successfully access the instance at https://domain.org but the IP shown is 172.17.0.1.

I assumed that --trusted-header=X-Forwarded-For would resolve this, but it doesn't seem to have any effect whatsoever, even though this header is set in the NGINX config and presumably correct?

proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Forwarded-For $remote_addr;
proxy_set_header X-Forwarded-Port $server_port;
proxy_set_header X-Request-Start $msec;

Ip

Hello and thanks for this usefull service.

The website is available through ifconfig.co and v4.ifconfig.co but not to v6 because the subdomain is not included in the cert.

Hi,

[hlfh@nssec ~]$ curl -6 ifconfig.co
curl: (6) Could not resolve host: ifconfig.co

Could you support again IPv6?

Thanks.

accessing ifconfig.co via IPv6 , seems to show no DNS records.
https://dns.google.com/query?name=ifconfig.co&type=AAAA&dnssec=true

I run some services that need the external ip in decimal.
It would be nice to not have to do the conversion on the fly, but rather git it from the source.

The certificate on the v6 domain's common name mismatches and therefore breaks HSTS and disallows the site to load in Chrome.

it looks like cloudflare set an anti-robot rule to Chinese IP adddress recently, can you white list the IP addresses please?

Hi, thanks for this great service. I only get to know about this service from another blog.

Btw, as I'm trying it out, I'm setting 522 from CloudFlare, and all command takes about 30 seconds to respond. Below is what I've tried.

curl ipconfig.co
curl https://ipconfig.co
curl ipconfig.co/json
curl -H 'Accept: text/plain' ipconfig.co
curl -H 'Accept: text/plain' -A 'curl/7.26.0' ipconfig.co #took the user-agent from one of the test file here

All getting the same output (snipped)

<title>ipconfig.co | 522: Connection timed out</title>
...
    <h2>What happened?</h2>
    <p>The initial connection between Cloudflare's network and the origin web server timed out. As a result, the web page can not be displayed.</p>
...

wget -qO- ipconfig.co results in timeout

No issue when visiting the page using a browser.

I proceed to test using the browsers request header and it works, then trim down to the minimum that works, and found that it somehow having -H 'pragma: no-cache' helps, then it will continue to work without it. But I can't replicate this 100%.

Is this related to issues caused by Cloudflare on other services lately? Or I'm doing something wrong here?

I've been using this feature in some of my automated scripts. Due to the website update my scripts broke.
The all.json path is useful if you don't want to make multiple requests to the site for different data (Ability to select multiple headers in one request would remove the need for all.json, but currently there is no such feature).