[Catalyst] X-Forwarded-For

Bill Moseley moseley at hank.org
Wed Apr 2 04:17:07 BST 2008


C::Engine::Apache does this:

    # If we are running as a backend server, the user will always appear
    # as 127.0.0.1. Select the most recent upstream IP (last in the list)
    my ($ip) = $headers->{'X-Forwarded-For'} =~ /([^,\s]+)$/;
    $c->request->address( $ip );

Why the "most recent"?  If there are two proxies then that address is
our top proxy.

Don't we want $c->req->address to be the client's IP?

For example, I'm seeing this header:

    X-Forwarded-For: 192.168.51.158, 10.1.6.1

So C::Engine::Apache is setting $c->req->address to 10.1.6.1.

The first IP in X-Forwarded-For is the client IP.

Shouldn't C::Engine::Apache use the first address?



-- 
Bill Moseley
moseley at hank.org
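
Added example, not part of the original message and not Catalyst's own code: a right-to-left walk of X-Forwarded-For that accepts a hop only while the address reporting it is a proxy the deployment operates, printed next to the first entry for comparison. The trusted set, the function names xff_hops and client_address, and every input other than the header quoted in the message are assumptions constructed for illustration.

```perl
use strict;
use warnings;

# Assumption: the proxies this deployment runs itself. Only entries appended
# by these hosts are trustworthy; everything further left is client-supplied.
my %TRUSTED = map { $_ => 1 } qw(127.0.0.1 10.1.6.1);

# Split an X-Forwarded-For value into hops, oldest (leftmost) first.
sub xff_hops {
    my ($header) = @_;
    return () unless defined $header;
    $header =~ s/^\s+|\s+$//g;
    return grep { length } split /\s*,\s*/, $header;
}

# Start at the TCP peer and walk the header right to left. Accept a hop only
# while the address that reported it is one of our proxies.
sub client_address {
    my ($peer, $header, $trusted) = @_;
    my $addr = $peer;
    for my $hop (reverse xff_hops($header)) {
        last unless $trusted->{$addr};
        $addr = $hop;
    }
    return $addr;
}

# Constructed inputs: [label, TCP peer, header value, trusted set].
my @cases = (
    ['header from the message, both proxies trusted',
        '127.0.0.1', '192.168.51.158, 10.1.6.1', \%TRUSTED],
    ['same header, only the local frontend trusted',
        '127.0.0.1', '192.168.51.158, 10.1.6.1', { '127.0.0.1' => 1 }],
    ['client sent its own X-Forwarded-For entry first',
        '127.0.0.1', '203.0.113.9, 192.168.51.158, 10.1.6.1', \%TRUSTED],
    ['direct connection from an untrusted peer',
        '198.51.100.7', '203.0.113.9', \%TRUSTED],
);

for my $case (@cases) {
    my ($label, $peer, $header, $trusted) = @$case;
    my ($first) = xff_hops($header);
    printf "%-50s first=%-15s chosen=%s\n",
        $label, $first, client_address($peer, $header, $trusted);
}
```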



