Graham Leggett wrote:
(Having not yet had a chance to look at the code) How is the possibility
of multiple IPs in the same header handled, eg:
X-Fowarded-For: 10.2.3.4, 10.11.12.13
I think you'll find your question is answered in the README I referenced.
It's handled fine. The interesting point is that, presuming that the
nearest remote_host and 10.11.12.13 both have 'Internal' trust, meaning
they are know to our network, while 67.151.55.1 and 178.21.1.10 are given
TrustedProxy status, we would still refuse to acknowledge another networks
private subnet. Therefore;
X-Fowarded-For: 10.2.3.4, 67.151.55.1 178.21.1.10, 10.11.12.13
results in a remote_host 67.151.55.1, and the header value is updated to
reflect that this host still makes an X-Forwarded-For assertion, e.g.
X-Fowarded-For: 10.2.3.4
Will we someday introduce a feature to treat this as a decorated remote
host name of something like "67.151.55.1_10.2.3.4" - I'd suggest we could
but that feature could break any number of thirdparty modules attempting
to resolve this address.
