CouchDB
  1. CouchDB
  2. COUCHDB-1421

Wrong X-Forwarded-For address chosen as "peer"

    Details

    • Type: Bug Bug
    • Status: Open
    • Priority: Major Major
    • Resolution: Unresolved
    • Affects Version/s: None
    • Fix Version/s: None
    • Component/s: HTTP Interface
    • Labels:
      None

      Description

      I noticed that in the Mochiweb code, it uses the last item of the X-Forwarded-For list as the peer:
      https://github.com/apache/couchdb/blob/master/src/mochiweb/mochiweb_request.erl#L82

      But shouldn't this snag the first item of the list instead? http://tools.ietf.org/html/draft-petersson-forwarded-for-02#section-5.2 says "the first for-parameter will disclose the user agent where the request first was made" — the user agent is what I'd want as an app developer, not the second-nearest proxy.

        Activity

        Alexander Shorin made changes -
        Component/s HTTP Interface [ 12312234 ]
        Nathan Vander Wilt made changes -
        Field Original Value New Value
        Summary Wrong X-Forwarded-For address chosen as "peer"? Wrong X-Forwarded-For address chosen as "peer"
        Nathan Vander Wilt created issue -

          People

          • Assignee:
            Unassigned
            Reporter:
            Nathan Vander Wilt
          • Votes:
            0 Vote for this issue
            Watchers:
            0 Start watching this issue

            Dates

            • Created:
              Updated:

              Development