https://bz.apache.org/bugzilla/show_bug.cgi?id=63113
Bug ID: 63113
Summary: X-Forwarded-For header not resolved by mod_remoteip
when comma delimited multiple values
Product: Apache httpd-2
Version: 2.4.25
Hardware: Other
OS: Linux
Status: NEW
Severity: normal
Priority: P2
Component: mod_remoteip
Assignee: bugs@httpd.apache.org
Reporter: george.boob...@gmail.com
Target Milestone: ---
Using the remote_ip module we are getting an issue whereby the X-Forwarded-For
header is not getting resolved when it contains multiple IPs delimited with a
comma - the expected format.
If a single value is present it works as expected and the client-ip is updated
with the X-Forwarded-For IP.
X-Forwarded-For:5.6.7.8, 10.10.20.10 <- won't work as expected
Resulting log entry (last field in brackets is X-Forwarded-For)
1.2.3.4 hostname.net:443 - - [25/Jan/2019:10:45:20 +0000] "GET /xx HTTP/1.1"
200 8938 "https://example.com/"; "Mozilla/5.0 (Macintosh; Intel Mac OS X
10_13_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/73.0.3682.0
Safari/537.36" (5.6.7.8, 10.10.20.10) <- X-Forwarded-For not changed
X-Forwarded-For:5.6.7.8 <- works fine
5.6.7.8 hostname.net:443 - - [25/Jan/2019:10:34:02 +0000] "GET /xx HTTP/1.1"
200 5656 "https://example.com/"; "Mozilla/5.0 (Macintosh; Intel Mac OS X
10_13_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/73.0.3682.0
Safari/537.36" (-) <- X-Forwarded-For stripped
Server version: Apache/2.4.25 (Debian)
Server built: 2018-11-03T18:46:19
Server's Module Magic Number: 20120211:68
Server loaded: APR 1.5.2, APR-UTIL 1.5.4
Compiled using: APR 1.5.2, APR-UTIL 1.5.4
Architecture: 64-bit
Server MPM: prefork
threaded: no
forked: yes (variable process count)
--
You are receiving this mail because:
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: bugs-unsubscr...@httpd.apache.org
For additional commands, e-mail: bugs-h...@httpd.apache.org
