id	summary	reporter	owner	description	type	status	priority	milestone	component	version	resolution	keywords	cc	uname	nginx_version
277	HttpRealipModule doesn't behave as expected with duplicate headers	Neal Poole		"I'm running into an issue on Linode due to the way their NodeBalancer platform is configured. The NodeBalancer acts as a proxy and load balancer. Before forwarding a request, it adds an HTTP header (X-Forwarded-For) with the value set as the client's IP. If the request contained an X-Forwarded-For header to begin with (i.e., because the client's ISP uses a proxy that sends that information outbound), a duplicate header is created.

An example request, pulled from the server via tcpdump:

{{{
GET /foobar.php HTTP/1.1
Host: example.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:17.0) Gecko/20100101 Firefox/17.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
X-Forwarded-For: 127.0.0.2, 127.0.0.3
X-Forwarded-For: 207.38.128.123
Connection: close
}}}

According to RFC 2616, this is actually a valid construction (http://www.w3.org/Protocols/rfc2616/rfc2616-sec4.html#sec4.2):

""Multiple message-header fields with the same field-name MAY be present in a message if and only if the entire field-value for that header field is defined as a comma-separated list [i.e., #(values)].""

However, with the request above and with HttpRealipModule enabled as follows, REMOTE_ADDR is set to 127.0.0.3:

{{{
set_real_ip_from   192.168.255.0/24;
real_ip_header     X-Forwarded-For;
}}}

I've tried setting real_ip_recursive to on as well but that did not change the result."	defect	closed	minor		nginx-module	1.2.x	duplicate			Linux punbb-hosting-web 2.6.39.1-linode34 #1 SMP Tue Jun 21 10:29:24 EDT 2011 i686 GNU/Linux	"nginx version: nginx/1.2.6
TLS SNI support enabled
configure arguments: --prefix=/etc/nginx/ --sbin-path=/usr/sbin/nginx --conf-path=/etc/nginx/nginx.conf --error-log-path=/var/log/nginx/error.log --http-log-path=/var/log/nginx/access.log --pid-path=/var/run/nginx.pid --lock-path=/var/run/nginx.lock --http-client-body-temp-path=/var/cache/nginx/client_temp --http-proxy-temp-path=/var/cache/nginx/proxy_temp --http-fastcgi-temp-path=/var/cache/nginx/fastcgi_temp --http-uwsgi-temp-path=/var/cache/nginx/uwsgi_temp --http-scgi-temp-path=/var/cache/nginx/scgi_temp --user=nginx --group=nginx --with-http_ssl_module --with-http_realip_module --with-http_addition_module --with-http_sub_module --with-http_dav_module --with-http_flv_module --with-http_mp4_module --with-http_gzip_static_module --with-http_random_index_module --with-http_secure_link_module --with-http_stub_status_module --with-mail --with-mail_ssl_module --with-file-aio --with-ipv6
"
