I really insist on the correct order of the values: If a proxy inserts a *NEW* X-Forwarded-For header, this header must appear in *top* of other existing X-Forwarded-For headers persent in the received request. For sure this is the correct order.
That seems intuitively correct, I agree. However the wikipedia article says that the opposite is the way it is implemented:
http://en.wikipedia.org/wiki/X-Forwarded-For
Also, I expect that X-Forwarded-For header is not a standar header, so its value it's not defined as a "comma-separated list".
The RFC just talks about general headers, i.e. standard and non-standard alike, so I think this applies here. A CSL of IPs is the de-facto standard for this header.
Regards, -- Dave Steinberg http://www.geekisp.com/ http://www.steinbergcomputing.com/ -- To unsubscribe send an email with subject unsubscribe to [email protected]. Please contact [email protected] for questions.
