https://bz.apache.org/bugzilla/show_bug.cgi?id=63113
--- Comment #3 from Rainer Jung <rainer.j...@kippdata.de> --- Are you sure, that the requests with two items in XFF actually come from one of the addresses in the trusted list? I'm asking because the access log snippet you quoted contains 1.2.3.4 as the client IP, possibly redacted by you. So is the address at the beginning of the access log line part of the trusted proxy list (eg. one of your nginx addresses)? You could also add remoteip:trace8 to your LogLevel and check whether there's something interesting for the faling request in the logs. Regards, Rainer -- You are receiving this mail because: You are the assignee for the bug. --------------------------------------------------------------------- To unsubscribe, e-mail: bugs-unsubscr...@httpd.apache.org For additional commands, e-mail: bugs-h...@httpd.apache.org