#447 closed defect (invalid)
X-Forwarded-For header incorrect sometimes when using nginx as proxy
Reported by: | Jiri Horky | Owned by: | |
---|---|---|---|
Priority: | minor | Milestone: | |
Component: | nginx-core | Version: | |
Keywords: | Cc: | ||
uname -a: | |||
nginx -V: |
nginx version: nginx/1.5.6
built by gcc 4.4.7 20120313 (Red Hat 4.4.7-3) (GCC) TLS SNI support enabled configure arguments: --prefix=/etc/nginx --sbin-path=/usr/sbin/nginx --conf-path=/etc/nginx/nginx.conf --error-log-path=/var/log/nginx/error.log --http-log-path=/var/log/nginx/access.log --pid-path=/var/run/nginx.pid --lock-path=/var/run/nginx.lock --http-client-body-temp-path=/var/cache/nginx/client_temp --http-proxy-temp-path=/var/cache/nginx/proxy_temp --http-fastcgi-temp-path=/var/cache/nginx/fastcgi_temp --http-uwsgi-temp-path=/var/cache/nginx/uwsgi_temp --http-scgi-temp-path=/var/cache/nginx/scgi_temp --user=nginx --group=nginx --with-http_ssl_module --with-http_realip_module --with-http_addition_module --with-http_sub_module --with-http_dav_module --with-http_flv_module --with-http_mp4_module --with-http_gunzip_module --with-http_gzip_static_module --with-http_random_index_module --with-http_secure_link_module --with-http_stub_status_module --with-mail --with-mail_ssl_module --with-file-aio --with-ipv6 --with-cc-opt='-O2 -g' |
Description
Hi,
we found out that the nginx sometimes sets wrong IP addresses in "X-Forwarded-For" header. It seems to be some race condition that only triggers once per ~6000 requests in our environment. The correct field in the header should like like this:
X-Forwarded-For: 84.236.127.136
but sometimes we see this:
X-Forwarded-For: 12.13.14.15, 2.29.89.233
i.e. two IP addresses separated by coma and space. We use nginx as SSL terminator/proxy, the config file is attached. The nginx version is 1.5.6.
Attachments (1)
Change History (4)
by , 11 years ago
Attachment: | nginx.conf added |
---|
comment:1 by , 11 years ago
Forgot to mention - the request rate is about 4000 connections per seconds, 80% of them are keepalived to the client side. But we saw this error to happen even with 400 conns/s.
comment:2 by , 11 years ago
Resolution: | → invalid |
---|---|
Status: | new → closed |
Multiple IP addresses in X-Forwarded-For is normal, see http://en.wikipedia.org/wiki/X-Forwarded-For.
nginx configuration file