HTTP_X_FORWARDED_FOR being truncated/prefixed with a comma and no IP for some requests

Maxim Dounin mdounin at
Thu Sep 19 10:36:23 UTC 2013


On Wed, Sep 18, 2013 at 07:50:13PM -0400, scianos wrote:

> Hi -
> I have confirmed an unusual situation in which it appears the leading
> address is being stripped from x-forwarded-for headers passed on to
> downstream hosts (running Apache in this case) on very specific requests. I
> haven't been able to determine a pattern that triggers the event.
> Has anyone else experienced this issue/seen anything similar? I've been
> managing nginx-based services for some time and this is the first event in
> which I've seen this behavior; I am at a loss.
> Kind regards,
> Stu
> Technical info:
> Example:
> - note the leading "," on the x_forwarded_for header and the missing leading
> IP.

This can easily happen if an original request contains an empty 
X-Forwarded-For header.  See no problem here.

Maxim Dounin

More information about the nginx mailing list