Issue #1268 resolved

Wrong order of IPs in X-Forwarded-For header

Anonymous created an issue

In lib/cptools.py, the reference http://bob.pythonmac.org/archives/2005/09/23/apache-x-forwarded-for-caveat/ (this article is ~ 8 years old) is stated as the recipe for obtaining the client's IP from the X-Forwarded-For header (it uses the last entry in the ", "-separated list).

Apache, however, uses another order of IPs. The article at http://en.wikipedia.org/wiki/X-Forwarded-For describes the same order that Apache uses.

In our setup, e.g., the console log always shows the IP of our Apache proxy server.
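An added example, not CherryPy's code and not part of the original report: in the order the Wikipedia article describes (`client, proxy1, proxy2`), the last entry is a proxy whenever more than one proxy sits in the path, while the first entry is whatever the client chose to send. The sketch below walks the list from the right and stops at the first hop outside a set of trusted proxy networks. The function name, the sample addresses and the `10.0.0.0/8` proxy network are assumptions constructed for illustration.

```python
import ipaddress

# Constructed sample: client 203.0.113.7 reached us through two of our own
# proxies; the inner proxy (10.0.0.2) is the TCP peer and is not in the header.
SAMPLE_XFF = "203.0.113.7, 10.0.0.5"
SAMPLE_PEER = "10.0.0.2"
TRUSTED_PROXIES = ["10.0.0.0/8"]  # assumption: networks we operate ourselves


def client_ip_from_xff(xff_header, peer_addr, trusted_proxies):
    """Return the nearest hop that is not one of our trusted proxies.

    Each proxy appends the address it received the request from, so the
    list is only believable as far back as the chain of trusted proxies
    reaches. Anything further left is client-supplied text.
    """
    trusted = [ipaddress.ip_network(net) for net in trusted_proxies]

    def is_trusted(addr):
        return any(addr in net for net in trusted)

    # Start from the only address we observed ourselves: the TCP peer.
    candidate = ipaddress.ip_address(peer_addr)
    entries = [e.strip() for e in (xff_header or "").split(",") if e.strip()]

    for entry in reversed(entries):
        if not is_trusted(candidate):
            break  # this hop is outside our control: treat it as the client
        try:
            # A trusted proxy vouches for the address it appended.
            candidate = ipaddress.ip_address(entry)
        except ValueError:
            break  # malformed entry: keep the last hop we could verify
    return str(candidate)


def last_entry(xff_header):
    """The 'last entry' recipe from the report, shown for comparison."""
    return xff_header.split(",")[-1].strip()


if __name__ == "__main__":
    print("last entry :", last_entry(SAMPLE_XFF))
    print("right walk :", client_ip_from_xff(SAMPLE_XFF, SAMPLE_PEER, TRUSTED_PROXIES))
```

Because the walk stops at the first untrusted hop, an address a client prepends to the header is never returned, and a request arriving from an untrusted peer has its header ignored entirely.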
