Saumil Shah wrote:
Greetings,
The expected format for all XFF headers is that there's only ONE XFF
header. Every proxy server appends the client IP to the end of the
XFF IP list.
Not so! RFC 2616, section 4.2 says:
Multiple message-header fields with the same field-name MAY be present
in a message if and only if the entire field-value for that header field
is defined as a comma-separated list [i.e., #(values)]. It MUST be
possible to combine the multiple header fields into one "field-name:
field-value" pair, without changing the semantics of the message, by
appending each subsequent field-value to the first, each separated by a
comma. The order in which header fields with the same field-name are
received is therefore significant to the interpretation of the combined
field value, and thus a proxy MUST NOT change the order of these field
values when a message is forwarded.
So pound's implementation is in accordance with the standard. Most
webservers do the munge-to-one-field operation before log parsers or
applications see it, so I don't think there's any issue.
Regards,
--
Dave Steinberg
http://www.geekisp.com/
http://www.steinbergcomputing.com/
--
To unsubscribe send an email with subject unsubscribe to [email protected].
Please contact [email protected] for questions.
