2009/9/14 Dave Steinberg <[email protected]>:
> Saumil Shah wrote:
>>
>> Greetings,
>>
>> The expected format for all XFF headers is that there's only ONE XFF
>> header. Every proxy server appends the client IP to the end of the
>> XFF IP list.
>
> Not so! RFC 2616, section 4.2 says:
>
> Multiple message-header fields with the same field-name MAY be present in a
> message if and only if the entire field-value for that header field is
> defined as a comma-separated list [i.e., #(values)]. It MUST be possible to
> combine the multiple header fields into one "field-name: field-value" pair,
> without changing the semantics of the message, by appending each subsequent
> field-value to the first, each separated by a comma. The order in which
> header fields with the same field-name are received is therefore significant
> to the interpretation of the combined field value, and thus a proxy MUST NOT
> change the order of these field values when a message is forwarded.
>
> So pound's implementation is in accordance with the standard. Most
> webservers do the munge-to-one-field operation before log parsers or
> applications see it, so I don't think there's any issue.

I really insist on the correct order of the values: if a proxy inserts
a *NEW* X-Forwarded-For header, this header must appear on *top* of the other
existing X-Forwarded-For headers present in the received request. For
sure this is the correct order.

Also, I expect that the X-Forwarded-For header is not a standard header, so
its value is not defined as a "comma-separated list".

--
Iñaki Baz Castillo
<[email protected]>
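
Added example, not part of the original thread and not pound's code: the combining rule from the quoted RFC 2616 section 4.2 text, applied to a request that carries two X-Forwarded-For fields, followed by a right-to-left walk that shows why the received order matters to a log parser. The sample headers, the function names and the trusted-proxy set are constructed, and the walk assumes each proxy appends the address of the peer it saw.

```python
# Constructed sample: header fields in the order a backend received them.
RECEIVED = [
    ("Host", "www.example.com"),
    ("X-Forwarded-For", "203.0.113.7, 198.51.100.4"),
    ("Accept", "*/*"),
    ("x-forwarded-for", "192.0.2.10"),  # second field, added by the last proxy
]


def combine_field(headers, name):
    """Merge repeated fields as RFC 2616 section 4.2 describes: each later
    field-value is appended to the first, comma separated, in received order."""
    wanted = name.lower()  # field names are case-insensitive
    values = [value.strip() for field, value in headers if field.lower() == wanted]
    return ", ".join(values) if values else None


def forwarded_chain(headers):
    """Return the X-Forwarded-For addresses as one ordered list."""
    combined = combine_field(headers, "X-Forwarded-For")
    if combined is None:
        return []
    return [item.strip() for item in combined.split(",") if item.strip()]


def nearest_untrusted(chain, trusted):
    """Assumption: each proxy appends the peer address it saw, so entries
    to the right were written by hops closer to us. Walk from the right and
    return the first address that is not one of our own proxies."""
    for address in reversed(chain):
        if address not in trusted:
            return address
    return None


if __name__ == "__main__":
    chain = forwarded_chain(RECEIVED)
    print("combined:", combine_field(RECEIVED, "X-Forwarded-For"))
    print("client  :", nearest_untrusted(chain, {"198.51.100.4", "192.0.2.10"}))
    # Swapping the order of the two fields changes the combined value,
    # which is why a forwarding proxy must preserve it.
    print("swapped :", forwarded_chain(list(reversed(RECEIVED))))
```

Entries to the left of the first untrusted address were supplied by the client side and should be logged as unverified.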
