Re: X-Forwarded-For header

From: Dmitry Sivachenko <mitya#cavia.pp.ru>
Date: Fri, 25 Mar 2011 11:45:47 +0300


On Thu, Mar 24, 2011 at 09:12:46PM +0100, Willy Tarreau wrote:
> Hello Dmitry,
>
> On Thu, Mar 24, 2011 at 05:28:13PM +0300, Dmitry Sivachenko wrote:
> > Hello!
> >
> > With "option forwardfor", haproxy adds X-Forwarded-For header at the end
> > of header list.
> >
> > But according to wikipedia:
> > http://en.wikipedia.org/wiki/X-Forwarded-For
> >
> > and other HTTP proxies (say, nginx)
> > there is standard format to specify several intermediate IP addresses:
> > X-Forwarded-For: client1, proxy1, proxy2
> >
> > Why don't you use this standard procedure to add client IP?
>
> Because these are not the standards. Standards are defined by RFCs, not
> by Wikipedia :-)

I meant more like "de-facto standard", sorry for the confusion. The format with single comma-delimited X-Forwarded-For is just more common.

>
> We already got this question anyway. The short answer is that both forms
> are strictly equivalent, and any intermediary is free to fold multiple
> header lines into a single one with values delimited by commas. Your
> application will not notice the difference (otherwise it's utterly
> broken and might possibly be sensible to many vulnerabilities such as
> request smuggling attacks).
>

Okay, thanks for the explanation.

Received on 2011/03/25 09:45
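The equivalence described in the thread above, as an added example that is not part of the original messages or of haproxy: an application-side parser that folds repeated X-Forwarded-For lines and a comma-delimited line into the same list. It goes one step beyond the thread by then picking the client address from the right, skipping only proxies it trusts; the function names, the `trusted` parameter and the sample addresses are assumptions made for illustration.

```python
import ipaddress

def forwarded_chain(headers):
    """Fold every X-Forwarded-For line into one ordered list of entries.

    `headers` is a list of (name, value) pairs in wire order, so repeated
    header lines and one comma-delimited line give the same result.
    """
    chain = []
    for name, value in headers:
        if name.strip().lower() != "x-forwarded-for":
            continue
        for item in value.split(","):
            item = item.strip()
            if item:
                chain.append(item)
    return chain

def client_ip(headers, peer, trusted):
    """Return the nearest address that is not one of our own proxies.

    `peer` is the TCP peer address and `trusted` lists the networks of
    proxies allowed to append to the header (hypothetical parameters).
    Entries are read right to left: only the rightmost ones were written
    by our proxies, anything further left is supplied by the client.
    """
    nets = [ipaddress.ip_network(n) for n in trusted]
    candidate = ipaddress.ip_address(peer)
    for item in reversed(forwarded_chain(headers)):
        if not any(candidate in n for n in nets):
            break                  # candidate is outside our proxies
        try:
            candidate = ipaddress.ip_address(item)
        except ValueError:
            break                  # malformed entry: stop walking the chain
    return str(candidate)

# Constructed sample requests: the same chain sent in the two forms.
FOLDED = [("Host", "example.test"),
          ("X-Forwarded-For", "203.0.113.7, 198.51.100.4, 10.0.0.5")]
SPLIT = [("X-Forwarded-For", "203.0.113.7"),
         ("Host", "example.test"),
         ("x-forwarded-for", "198.51.100.4"),
         ("X-Forwarded-For", "10.0.0.5")]

if __name__ == "__main__":
    for request in (FOLDED, SPLIT):
        print(forwarded_chain(request), client_ip(request, "10.0.0.9", ["10.0.0.0/8"]))
```
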
