bzp2010 opened a new issue, #9164: URL: https://github.com/apache/apisix/issues/9164
### Current Behavior When there are multiple IPs in XFF, real-ip will use the last IP as the source IP. [code](https://github.com/apache/apisix/blob/master/apisix/plugins/real-ip.lua#L91-L100) ### Expected Behavior According to MDN Web Docs, when XFF has multiple values, the first IP will be the client IP. https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Forwarded-For#syntax ### Error Logs _No response_ ### Steps to Reproduce 1. Enable the real-ip plugin and try to send an XFF header with multiple IPs, APISIX will get the wrong one. In fact, according to the code and MDN documentation, it has indeed been proven beyond doubt that there is an error here. And this error has existed for a long time. ### Environment - APISIX version (run `apisix version`): 3.2.0 on master branch -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected]
