El Sábado, 12 de Septiembre de 2009, Dave Steinberg escribió: > > X-Forwarded-For: 1.2.3.4 > > X-Forwarded-For: 87.218.216.202 > > I believe that's legal, and is equivalent to: > > X-Forwarded-For: 1.2.3.4, 87.218.216.202 > > Possibly the IPs in my example are reversed - I'm not sure. The point > I'm making is that if you require only a single IP to be in your > X-Forwarded-For header, you should use HeadRemove as you mentioned. > > The multiple-IP version is legal / arguably desirable in the case of > multiple intermediate proxies. Think ISP-level web accelerator in front > of an end-user.
Yes, it makes sense but then each X-Forwarded-For header added by each proxy should be on top of others. In the example I wrote: The request arriving to Pound: T 2009/09/12 21:49:44.271221 87.218.216.202:52448 -> 99.122.79.215:9080 [AP] GET /xcap-root/pres-rules/users/i...@qwe/presrules HTTP/1.1 Content-Length: 0 X-Forwarded-For: 1.2.3.4 The request forwarded by Pound to the web server: T 2009/09/12 21:49:44.271452 127.0.0.1:36734 -> 127.0.0.1:80 [AP] GET /xcap-root/pres-rules/users/i...@qwe/presrules HTTP/1.1 Content-Length: 0 X-Forwarded-For: 87.218.216.202 <--- ON TOP X-Forwarded-For: 1.2.3.4 I'm used to SIP protocol in which there are scenarios with multiple proxies adding headers (as "Via" and "Record-Route" header). When a proxy adds a Via or Record-Route header it *must* write it on top of existing Via/Record-Route headers. I expect that in HTTP it should be the same as SIP is "based" on HTTP. Regards. -- Iñaki Baz Castillo <[email protected]> -- To unsubscribe send an email with subject unsubscribe to [email protected]. Please contact [email protected] for questions.
