Opened 13 years ago

Closed 12 years ago

#106 closed defect (fixed)

Nginx realip module not working correctly with multiple x-forwarded-for headers

Reported by: Pete Shima Owned by: somebody
Priority: minor Milestone:
Component: nginx-core Version: 1.0.x
Keywords: Cc:
uname -a: Linux app 2.6.18-238.9.1.el5.028stab089.1 #1 SMP Thu Apr 14 14:06:01 MSD 2011 x86_64 GNU/Linux
nginx -V: nginx: nginx version: nginx/1.0.8
nginx: built by gcc 4.4.3 (Ubuntu 4.4.3-4ubuntu5)
nginx: TLS SNI support enabled
nginx: configure arguments: --prefix=/opt/nginx --with-http_ssl_module --with-ipv6 --with-http_stub_status_module --with-http_realip_module

Description

When a request comes in with multiple x-forwarded-for headers the first header is always used. The values should be combined.

Example request:
Accept-Language: en-us
Accept-Encoding: gzip, deflate
Authorization: Basic asdf332rfe2f
Via: 1.1 localhost (squid/3.1.12)
X-Forwarded-For: 127.0.0.1
Cache-Control: max-age=259200
X-Forwarded-For: 165.48.6.22
Connection: close

More information on this here: http://mailman.nginx.org/pipermail/nginx/2008-July/006143.html

RFC here: http://www.w3.org/Protocols/rfc2616/rfc2616-sec4.html#sec4.2

Change History (2)

comment:1 by Ruslan Ermilov, 12 years ago

In 5085/nginx:

Correctly handle multiple X-Forwarded-For headers (ticket #106).

comment:2 by Ruslan Ermilov, 12 years ago

Resolution: fixed
sensitive: 0
Status: newclosed

Fixed in nginx 1.3.14.

Note: See TracTickets for help on using tickets.