When nginx gets multiple X-Forwarded-For headers in a single request, it
only keeps the last one in r->headers_in (and thus in
$http_x_forwarded_for, $proxy_add_x_forwarded_for). Reverse proxies behind
an nginx instance sometimes need the entire X-Forwarded-For chain - part
of which is discarded in this case.
Per RFC 2616, it's equivalent to concatenate each header value (separated
by a comma) and send the concatenated value to the upstream:
4.2
-snip-
Multiple message-header fields with the same field-name MAY be
present in a message if and only if the entire field-value for that
header field is defined as a comma-separated list [i.e., #(values)].
It MUST be possible to combine the multiple header fields into one
"field-name: field-value" pair, without changing the semantics of the
message, by appending each subsequent field-value to the first, each
separated by a comma. The order in which header fields with the same
field-name are received is therefore significant to the
interpretation of the combined field value, and thus a proxy MUST NOT
change the order of these field values when a message is forwarded.
-snip-
Attached is a patch that does exactly this, in the case of multiple headers..
Please let me know if you have any comments about this patch - I'm happy
to make any changes you suggest.
Relevant bug report:
http://trac.nginx.org/nginx/ticket/106
Thanks,
Alex Tribble
[Sorry for the attachment, my MUAs all unanimously decided they hate me]
_______________________________________________
nginx-devel mailing list
nginx-devel@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx-devel