HTTP_X_FORWARDED_FOR being truncated/prefixed with a comma and no IP for some requests
scianos
nginx-forum at nginx.us
Wed Sep 18 23:50:13 UTC 2013
Hi -
I have confirmed an unusual situation in which it appears the leading
address is being stripped from x-forwarded-for headers passed on to
downstream hosts (running Apache in this case) on very specific requests. I
haven't been able to determine a pattern that triggers the event.
Has anyone else experienced this issue/seen anything similar? I've been
managing nginx-based services for some time and this is the first event in
which I've seen this behavior; I am at a loss.
Kind regards,
Stu
Technical info:
Example:
HTTP_X_FORWARDED_FOR=, 10.2.8.141 SERVER_ADDR=10.5.7.112
REMOTE_ADDR=10.4.7.114
- note the leading "," on the x_forwarded_for header and the missing leading
IP.
Configuration example:
location / {
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-Host $host;
proxy_set_header X-Forwarded-Server $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $host;
proxy_pass http://backend1/;
}
}
Version info:
nginx version: nginx/1.2.6 (Ubuntu)
TLS SNI support enabled
configure arguments: --prefix=/usr/share/nginx
--conf-path=/etc/nginx/nginx.conf --error-log-path=/var/log/nginx/error.log
--http-client-body-temp-path=/var/lib/nginx/body
--http-fastcgi-temp-path=/var/lib/nginx/fastcgi
--http-log-path=/var/log/nginx/access.log
--http-proxy-temp-path=/var/lib/nginx/proxy
--http-scgi-temp-path=/var/lib/nginx/scgi
--http-uwsgi-temp-path=/var/lib/nginx/uwsgi --lock-path=/var/lock/nginx.lock
--pid-path=/run/nginx.pid --with-pcre-jit --with-debug
--with-http_addition_module --with-http_dav_module --with-http_geoip_module
--with-http_gzip_static_module --with-http_image_filter_module
--with-http_realip_module --with-http_stub_status_module
--with-http_ssl_module --with-http_sub_module --with-http_xslt_module
--with-ipv6 --with-sha1=/usr/include/openssl --with-md5=/usr/include/openssl
--with-mail --with-mail_ssl_module
--add-module=/tmp/buildd/nginx-1.2.6/debian/modules/nginx-auth-pam
--add-module=/tmp/buildd/nginx-1.2.6/debian/modules/nginx-echo
--add-module=/tmp/buildd/nginx-1.2.6/debian/modules/nginx-upstream-fair
--add-module=/tmp/buildd/nginx-1.2.6/debian/modules/nginx-dav-ext-module
Posted at Nginx Forum: http://forum.nginx.org/read.php?2,242970,242970#msg-242970
More information about the nginx
mailing list