On Thu, Mar 24, 2011 at 09:12:46PM +0100, Willy Tarreau wrote: > Hello Dmitry, > > On Thu, Mar 24, 2011 at 05:28:13PM +0300, Dmitry Sivachenko wrote: > > Hello! > > > > With "option forwardfor", haproxy adds X-Forwarded-For header at the end > > of header list. > > > > But according to wikipedia: > > http://en.wikipedia.org/wiki/X-Forwarded-For > > > > and other HTTP proxies (say, nginx) > > there is standard format to specify several intermediate IP addresses: > > X-Forwarded-For: client1, proxy1, proxy2 > > > > Why don't you use these standard procedure to add client IP? > > Because these are not the standards. Standards are defined by RFCs, not > by Wikipedia :-)
I meant more like "de-facto standard", sorry for the confusion. The format with single comma-delimited X-Forwarded-For is just more common. > > We already got this question anyway. The short answer is that both forms > are strictly equivalent, and any intermediary is free to fold multiple > header lines into a single one with values delimited by commas. Your > application will not notice the difference (otherwise it's utterly > broken and might possibly be sensible to many vulnerabilities such as > request smugling attacks). > Okay, thanks for the explanation.