{"status":"ok","service":"ifport.io","observed_source_ip":"216.73.216.233","observed_ip_scope":"public","ip_source":"x_forwarded_for_trusted_proxy","transport_remote_ip":"172.16.1.1","trusted_header_candidates":{"cf_connecting_ip":null,"forwarded":null,"x_forwarded_for_first_public":"216.73.216.233","x_real_ip":"216.73.216.233"},"attribution":{"verdict":"trusted_edge_header_path","confidence":"medium","representation":"trusted_edge_header","message":"IfPort sees a public IP through trusted edge headers. The scan can be useful, but the edge must sanitize inbound forwarding headers before setting x_forwarded_for_trusted_proxy.","risks":["A misconfigured proxy can let clients spoof forwarded IP headers.","Changing Cloudflare, HAProxy, VPN, or load-balancer behavior can change which public IP IfPort scans."]},"fix_playbook":["Confirm the immediate edge proxy overwrites X-Real-IP and X-Forwarded-For from the socket source, not from untrusted inbound headers.","If Cloudflare is in front, prefer CF-Connecting-IP from verified Cloudflare source ranges and strip spoofed forwarding headers before HAProxy.","Run `/network-path` twice: once through the public edge and once from a direct non-proxy client; the observed source should be the expected public IP.","Transport remote IP differs from observed source IP; audit the proxy/header hop that changed attribution."],"verify_commands":["curl -fsS https://ifport.io/network-path | jq .","curl -fsS https://ifport.io/json?profile=default | jq '{observed_source_ip, accuracy, decision}'","curl -fsS 'https://ifport.io/evidence?format=markdown'","# expected observed_source_ip for this request path right now: 216.73.216.233"],"copy_paste":{"markdown":"# IfPort Network Path\n\n**Observed source IP:** 216.73.216.233\n**Observed IP scope:** public\n**IP source:** x_forwarded_for_trusted_proxy\n**Transport remote IP:** 172.16.1.1\n**Attribution verdict:** trusted_edge_header_path\n**Confidence:** medium\n**Representation:** trusted_edge_header\n\nIfPort sees a public IP through trusted edge headers. The scan can be useful, but the edge must sanitize inbound forwarding headers before setting x_forwarded_for_trusted_proxy.\n\n## Fix Playbook\n- Confirm the immediate edge proxy overwrites X-Real-IP and X-Forwarded-For from the socket source, not from untrusted inbound headers.\n- If Cloudflare is in front, prefer CF-Connecting-IP from verified Cloudflare source ranges and strip spoofed forwarding headers before HAProxy.\n- Run `/network-path` twice: once through the public edge and once from a direct non-proxy client; the observed source should be the expected public IP.\n- Transport remote IP differs from observed source IP; audit the proxy/header hop that changed attribution.\n\n## Verify Commands\n- `curl -fsS https://ifport.io/network-path | jq .`\n- `curl -fsS https://ifport.io/json?profile=default | jq '{observed_source_ip, accuracy, decision}'`\n- `curl -fsS 'https://ifport.io/evidence?format=markdown'`\n- `# expected observed_source_ip for this request path right now: 216.73.216.233`\n\nBoundary: request-source-only; no arbitrary target scanning; no CIDR sweeps; no exploitation.\n","curl_commands":["curl -fsS https://ifport.io/network-path | jq .","curl -fsS https://ifport.io/json?profile=default | jq '{observed_source_ip, accuracy, decision}'","curl -fsS 'https://ifport.io/evidence?format=markdown'","# expected observed_source_ip for this request path right now: 216.73.216.233"]},"links":{"run_check":"https://ifport.io/","json":"https://ifport.io/json","evidence":"https://ifport.io/evidence","docs":"https://ifport.io/docs","support":"https://ifport.io/support"},"notes":["This endpoint does not run a scan; it explains how source IP attribution was derived.","request-source-only scans are most reliable when observed_ip_scope is public."]}