Commits

Joseph Tate committed 64f6135

Fix bug #1268, X-Forwarded-For IP order

Comments (0)

Files changed (2)

cherrypy/lib/cptools.py

             cherrypy.log('Testing remote %r:%r' % (remote, xff), 'TOOLS.PROXY')
         if xff:
             if remote == 'X-Forwarded-For':
-                # See http://bob.pythonmac.org/archives/2005/09/23/apache-x-forwarded-for-caveat/
-                xff = xff.split(',')[-1].strip()
+                #Bug #1268
+                xff = xff.split(',')[0].strip()
             request.remote.ip = xff
 
 

cherrypy/test/test_proxy.py

         self.getPage("/remoteip",
                      headers=[('X-Forwarded-For', '192.168.0.20')])
         self.assertBody("192.168.0.20")
+        #Fix bug #1268
         self.getPage("/remoteip",
                      headers=[('X-Forwarded-For', '67.15.36.43, 192.168.0.20')])
-        self.assertBody("192.168.0.20")
+        self.assertBody("67.15.36.43")
 
         # Test X-Host (lighttpd; see https://trac.lighttpd.net/trac/ticket/418)
         self.getPage("/xhost", headers=[('X-Host', 'www.example.test')])