| Subject: | X-forwarded-for behaviour incorrect? |
The format of the x-forwarded-for header is client, proxy1, proxy2,
but this module incorrectly takes the last item in the list as the
client ip address
Changing the regex to my ( $ip, ) = split /,/, $env->
{HTTP_X_FORWARDED_FOR}; fixes the problem (although it does not deal
with "X-Forwarded-For: unknown" eg http://www.squid-cache.org/Doc/
config/forwarded_for/)
Ah. It may be that the documentation isn't clear and that this module
is only moving the ip down a single level in order to hide the single
reverse proxy. My understanding was that $env->{REMOTE_ADDR} would be
set to the actual client's ip address rather than the ip address of
the last upstream proxy. Any chance of clarifying this in the docs?
---
http://en.wikipedia.org/wiki/X-Forwarded-For
The general format of the field is:
X-Forwarded-For: client, proxy1, proxy2
where the value is a comma+space separated list of IP addresses, the
left-most being the original client, and each successive proxy that
passed the request adding the IP address where it received the request
from. In this example, the request passed proxy1, proxy2 and proxy3
(proxy3 appears as remote address of the request).