HTTP_X_FORWARDED_FOR being truncated/prefixed with a comma and no IP for some requests
mdounin at mdounin.ru
Thu Sep 19 10:36:23 UTC 2013
On Wed, Sep 18, 2013 at 07:50:13PM -0400, scianos wrote:
> Hi -
> I have confirmed an unusual situation in which it appears the leading
> address is being stripped from x-forwarded-for headers passed on to
> downstream hosts (running Apache in this case) on very specific requests. I
> haven't been able to determine a pattern that triggers the event.
> Has anyone else experienced this issue/seen anything similar? I've been
> managing nginx-based services for some time and this is the first event in
> which I've seen this behavior; I am at a loss.
> Kind regards,
> Technical info:
> HTTP_X_FORWARDED_FOR=, 10.2.8.141 SERVER_ADDR=10.5.7.112
> - note the leading "," on the x_forwarded_for header and the missing leading
This can easily happen if an original request contains an empty
X-Forwarded-For header. See no problem here.
More information about the nginx