https://bz.apache.org/bugzilla/show_bug.cgi?id=63113
Bug ID: 63113 Summary: X-Forwarded-For header not resolved by mod_remoteip when comma delimited multiple values Product: Apache httpd-2 Version: 2.4.25 Hardware: Other OS: Linux Status: NEW Severity: normal Priority: P2 Component: mod_remoteip Assignee: bugs@httpd.apache.org Reporter: george.boob...@gmail.com Target Milestone: --- Using the remote_ip module we are getting an issue whereby the X-Forwarded-For header is not getting resolved when it contains multiple IPs delimited with a comma - the expected format. If a single value is present it works as expected and the client-ip is updated with the X-Forwarded-For IP. X-Forwarded-For:5.6.7.8, 10.10.20.10 <- won't work as expected Resulting log entry (last field in brackets is X-Forwarded-For) 1.2.3.4 hostname.net:443 - - [25/Jan/2019:10:45:20 +0000] "GET /xx HTTP/1.1" 200 8938 "https://example.com/" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/73.0.3682.0 Safari/537.36" (5.6.7.8, 10.10.20.10) <- X-Forwarded-For not changed X-Forwarded-For:5.6.7.8 <- works fine 5.6.7.8 hostname.net:443 - - [25/Jan/2019:10:34:02 +0000] "GET /xx HTTP/1.1" 200 5656 "https://example.com/" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/73.0.3682.0 Safari/537.36" (-) <- X-Forwarded-For stripped Server version: Apache/2.4.25 (Debian) Server built: 2018-11-03T18:46:19 Server's Module Magic Number: 20120211:68 Server loaded: APR 1.5.2, APR-UTIL 1.5.4 Compiled using: APR 1.5.2, APR-UTIL 1.5.4 Architecture: 64-bit Server MPM: prefork threaded: no forked: yes (variable process count) -- You are receiving this mail because: You are the assignee for the bug. --------------------------------------------------------------------- To unsubscribe, e-mail: bugs-unsubscr...@httpd.apache.org For additional commands, e-mail: bugs-h...@httpd.apache.org