Author: adrian
Date: 2007-09-16 11:54:16 -0500 (Sun, 16 Sep 2007)
New Revision: 6364
Modified:
django/trunk/django/middleware/http.py
Log:
Fixed #3872 -- Fixed incorrect handling of HTTP_X_FORWARDED_FOR in
SetRemoteAddrFromForwardedFor. Thanks, Simon Willison and gregorth
Modified: django/trunk/django/middleware/http.py
===================================================================
--- django/trunk/django/middleware/http.py 2007-09-16 16:01:25 UTC (rev
6363)
+++ django/trunk/django/middleware/http.py 2007-09-16 16:54:16 UTC (rev
6364)
@@ -55,6 +55,7 @@
return None
else:
# HTTP_X_FORWARDED_FOR can be a comma-separated list of IPs.
- # Take just the first one.
- real_ip = real_ip.split(",")[0]
+ # Take just the last one.
+ # See
http://bob.pythonmac.org/archives/2005/09/23/apache-x-forwarded-for-caveat/
+ real_ip = real_ip.split(",")[-1].strip()
request.META['REMOTE_ADDR'] = real_ip
--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups
"Django updates" group.
To post to this group, send email to [email protected]
To unsubscribe from this group, send email to [EMAIL PROTECTED]
For more options, visit this group at
http://groups.google.com/group/django-updates?hl=en
-~----------~----~----~----~------~----~------~--~---
