[PATCH] Fix for ticket #106: Correctly handle multiple X-Forwarded-For headers
atribble at amazon.com
Wed Jun 20 01:47:56 UTC 2012
When nginx gets multiple X-Forwarded-For headers in a single request, it
only keeps the last one in r->headers_in (and thus in
$http_x_forwarded_for, $proxy_add_x_forwarded_for). Reverse proxies behind
an nginx instance sometimes need the entire X-Forwarded-For chain - part
of which is discarded in this case.
Per RFC 2616, it's equivalent to concatenate each header value (separated
by a comma) and send the concatenated value to the upstream:
Multiple message-header fields with the same field-name MAY be
present in a message if and only if the entire field-value for that
header field is defined as a comma-separated list [i.e., #(values)].
It MUST be possible to combine the multiple header fields into one
"field-name: field-value" pair, without changing the semantics of the
message, by appending each subsequent field-value to the first, each
separated by a comma. The order in which header fields with the same
field-name are received is therefore significant to the
interpretation of the combined field value, and thus a proxy MUST NOT
change the order of these field values when a message is forwarded.
Attached is a patch that does exactly this, in the case of multiple headers.
Please let me know if you have any comments about this patch - I'm happy
to make any changes you suggest.
Relevant bug report:
[Sorry for the attachment, my MUAs all unanimously decided they hate me]
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 2342 bytes
More information about the nginx-devel