Welcome! Log In Create A New Profile

Re: [PATCH] Improve X-Forwarded-For handling in realip

Forum List Message List New Topic Print View

mike

December 02, 2010 02:48AM

Registered: 15 years ago
Posts: 833

On Wed, Dec 1, 2010 at 7:31 PM, Omar Kilani <omar.kilani@gmail.com> wrote:
> Hi Michael,
>
> You should be able to get a list of subnets from your CDN, which you
> can add to 'set_real_ip_from'. This way, you'll get the first
> untrusted IP in the chain -- the scan works backwards, so even if your
> XFF looked like:
>
> X-Forwarded-For: proxy1 proxy2 client1
>
> You'll get 'client1' if you add 'proxy1' or 'proxy2' to 'set_real_ip_from'.
>
> And if your XFF looked like:
>
> X-Forwarded-For: client1 proxy1 proxy2
>
> You'll get 'client1' too -- hence the patch. :)

I don't want to necessarily have to define subnets, I'm fine with
trusting the header I get (which can be custom sometimes)

I just need to be able to get the last (or first) IP.

Does the patch just apply the proxy IPs against the set_real_ip_from
and ignore those? I didn't really read it much.

_______________________________________________
nginx mailing list
nginx@nginx.org
http://nginx.org/mailman/listinfo/nginx

Reply Quote

RSS

Subject	Author	Posted
[PATCH] Improve X-Forwarded-For handling in realip	Omar Kilani	December 01, 2010 10:26PM
Re: [PATCH] Improve X-Forwarded-For handling in realip	mike	December 01, 2010 10:30PM
Re: [PATCH] Improve X-Forwarded-For handling in realip	Omar Kilani	December 01, 2010 10:34PM
Re: [PATCH] Improve X-Forwarded-For handling in realip	mike	December 02, 2010 02:48AM

Sorry, only registered users may post in this forum.

Click here to login

Online Users

Guests: 186

Record Number of Users: 8 on April 13, 2023

Record Number of Guests: 421 on December 02, 2018