September 18, 2013 07:50PM
Hi -

I have confirmed an unusual situation in which it appears the leading address is being stripped from x-forwarded-for headers passed on to downstream hosts (running Apache in this case) on very specific requests. I haven't been able to determine a pattern that triggers the event.

Has anyone else experienced this issue/seen anything similar? I've been managing nginx-based services for some time and this is the first event in which I've seen this behavior; I am at a loss.

Kind regards,
Stu

Technical info:
Example:
HTTP_X_FORWARDED_FOR=, 10.2.8.141 SERVER_ADDR=10.5.7.112 REMOTE_ADDR=10.4.7.114
- note the leading "," on the x_forwarded_for header and the missing leading IP.

Configuration example:
location / {
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-Host $host;
proxy_set_header X-Forwarded-Server $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $host;
proxy_pass http://backend1/;
}
}


Version info:
nginx version: nginx/1.2.6 (Ubuntu)
TLS SNI support enabled
configure arguments: --prefix=/usr/share/nginx --conf-path=/etc/nginx/nginx.conf --error-log-path=/var/log/nginx/error.log --http-client-body-temp-path=/var/lib/nginx/body --http-fastcgi-temp-path=/var/lib/nginx/fastcgi --http-log-path=/var/log/nginx/access.log --http-proxy-temp-path=/var/lib/nginx/proxy --http-scgi-temp-path=/var/lib/nginx/scgi --http-uwsgi-temp-path=/var/lib/nginx/uwsgi --lock-path=/var/lock/nginx.lock --pid-path=/run/nginx.pid --with-pcre-jit --with-debug --with-http_addition_module --with-http_dav_module --with-http_geoip_module --with-http_gzip_static_module --with-http_image_filter_module --with-http_realip_module --with-http_stub_status_module --with-http_ssl_module --with-http_sub_module --with-http_xslt_module --with-ipv6 --with-sha1=/usr/include/openssl --with-md5=/usr/include/openssl --with-mail --with-mail_ssl_module --add-module=/tmp/buildd/nginx-1.2.6/debian/modules/nginx-auth-pam --add-module=/tmp/buildd/nginx-1.2.6/debian/modules/nginx-echo --add-module=/tmp/buildd/nginx-1.2.6/debian/modules/nginx-upstream-fair --add-module=/tmp/buildd/nginx-1.2.6/debian/modules/nginx-dav-ext-module
Subject Author Posted

HTTP_X_FORWARDED_FOR being truncated/prefixed with a comma and no IP for some requests

scianos September 18, 2013 07:50PM

Re: HTTP_X_FORWARDED_FOR being truncated/prefixed with a comma and no IP for some requests

Maxim Dounin September 19, 2013 06:38AM



Sorry, only registered users may post in this forum.

Click here to login

Online Users

Guests: 131
Record Number of Users: 8 on April 13, 2023
Record Number of Guests: 500 on July 15, 2024
Powered by nginx      Powered by FreeBSD      PHP Powered      Powered by MariaDB      ipv6 ready