Hello Dmitry, On Thu, Mar 24, 2011 at 05:28:13PM +0300, Dmitry Sivachenko wrote: > Hello! > > With "option forwardfor", haproxy adds X-Forwarded-For header at the end > of header list. > > But according to wikipedia: > http://en.wikipedia.org/wiki/X-Forwarded-For > > and other HTTP proxies (say, nginx) > there is standard format to specify several intermediate IP addresses: > X-Forwarded-For: client1, proxy1, proxy2 > > Why don't you use these standard procedure to add client IP?
Because these are not the standards. Standards are defined by RFCs, not by Wikipedia :-) We already got this question anyway. The short answer is that both forms are strictly equivalent, and any intermediary is free to fold multiple header lines into a single one with values delimited by commas. Your application will not notice the difference (otherwise it's utterly broken and might possibly be sensible to many vulnerabilities such as request smugling attacks). Hoping this helps, Willy
