[PATCH] Fix for ticket #106: Correctly handle multiple X-Forwarded-For headers

Tribble, Alex atribble at amazon.com
Wed Jun 20 01:47:56 UTC 2012

When nginx gets multiple X-Forwarded-For headers in a single request, it
only keeps the last one in r->headers_in (and thus in
$http_x_forwarded_for, $proxy_add_x_forwarded_for). Reverse proxies behind
an nginx instance sometimes need the entire X-Forwarded-For chain - part
of which is discarded in this case.

Per RFC 2616, it's equivalent to concatenate each header value (separated
by a comma) and send the concatenated value to the upstream:
   Multiple message-header fields with the same field-name MAY be
   present in a message if and only if the entire field-value for that
   header field is defined as a comma-separated list [i.e., #(values)].
   It MUST be possible to combine the multiple header fields into one
   "field-name: field-value" pair, without changing the semantics of the
   message, by appending each subsequent field-value to the first, each
   separated by a comma. The order in which header fields with the same
   field-name are received is therefore significant to the
   interpretation of the combined field value, and thus a proxy MUST NOT
   change the order of these field values when a message is forwarded.

Attached is a patch that does exactly this, in the case of multiple headers.
Please let me know if you have any comments about this patch - I'm happy
to make any changes you suggest.

Relevant bug report:

Alex Tribble

[Sorry for the attachment, my MUAs all unanimously decided they hate me]

-------------- next part --------------
A non-text attachment was scrubbed...
Name: merge-xff.patch
Type: application/octet-stream
Size: 2342 bytes
Desc: merge-xff.patch
URL: <http://mailman.nginx.org/pipermail/nginx-devel/attachments/20120619/198a4c06/attachment.obj>

More information about the nginx-devel mailing list