On Wed, Sep 02, 2009 at 05:06:01PM -0400, Miguel Pilar Vilagran wrote: > The problem with this header (and a few others such as Via) is that it > can appear multiple times, but it must always be chained in the correct > sequence. Haproxy respects this. However I've already seen some applications > using any random occurrence of the header, instead of the one which > corresponds to the proxy position in their architecture. For instance, > if there are 2 proxies before the application, the application must > use occurrence N-2 where N is the number of occurrences of the header, > to find the original client's IP address. > > Hoping this helps, > Willy > > > Willy what I meant by chaining is what Squid does, which is not append > another header but if a header exists it appends the proxy IP to a > comma+space separated list that may be on the header.
There is no difference, it is 100% equivalent. > See here: http://en.wikipedia.org/wiki/X-forwarded-for Better read the original doc, isn't it ? RFC2616 - Hypertext Transfer Protocol -- HTTP/1.1 Page 32, section 4.2 - Message headers Multiple message-header fields with the same field-name MAY be present in a message if and only if the entire field-value for that header field is defined as a comma-separated list [i.e., #(values)]. It MUST be possible to combine the multiple header fields into one "field-name: field-value" pair, without changing the semantics of the message, by appending each subsequent field-value to the first, each separated by a comma. The order in which header fields with the same field-name are received is therefore significant to the interpretation of the combined field value, and thus a proxy MUST NOT change the order of these field values when a message is forwarded. It is exactly what is done here. Willy
