Issue #1268 resolved

Wrong order of IPs in X-Forwarded-For header

Anonymous created an issue

In lib/, the reference (this article is ~ 8 years old) is stated as the recipe for obtaining the client's IP from the X-Forwarded-For header (it uses the last entry in the ", "-separated list).

Apache, however, uses another order of IPs. The article at describes the same order that Apache uses.

In our setup, e.g., the console log always shows the IP of our apache proxy server.

Comments (5)

  1. Log in to comment