Alex,

You can remove the "X-Forwarded-For" header in your HTTPListener (HeadRemove X-Forwarded-For).  This way you'll ensure that you have only 1 "X-Forwarded-For" header when your backend receives a call (the IP address of the caller).

Alex Hunsley wrote:
Alex Hunsley wrote:
Dave Steinberg wrote:
Alex Hunsley wrote:
I'm using the X-Forwarded-for header which Pound sets to the value of the caller's IP.
Am I right in thinking that Pound won't set this header if it's already present in the request?
This would make sense, as then Pounds can be cascaded....

Anyway, it looks like certain requests reaching my pound (from mobile phones) already have the "X-Forwarded-for" header set - googling for this header certainly shows that it isn't unique to Pound, is used in other places - so that Pound won't set it. I'm wondering if there is a way to force Pound to always set "X-Forwarded-for" (to the source IP), even if the header is already set in the request?

I believe in this case pound modifies the X-Forwarded-For header to add the connecting IP.  Technically X-Forwarded-For is not the end-user's IP, it's the list of IPs being forwarded.

So these are both valid:

X-Forwarded-For: 1.2.3.4

and

X-Forwarded-For: 1.2.3.4, 5.6.7.8

The length of that list of IPs can go on and on, in the general case.
Ah, thanks for the clarification on the nature of X-Forwarded-For.
As far as my pound setup here goes, it seems like Pound is just not touching the "X-Forwarded-For" header if it already exists.
I can see this because I have a "front" pound, and behind that I have a "back" pound, defining sessions based on the "X-Forwarded-For" header. When I look at the current sessions using poundctl, I see things like this:
Ah, no, I understand now.
If an "X-Forwarded-for" header already exists, Pound just adds another.
I have just seen the following headers in a tcpdump of traffic:

X-Forwarded-for: 10.1.2.3
X-Forwarded-for: 192.168.3.5

in other words, it adds a whole new header. There are two headers with the same name, different data.
Is this correct? Or should it be doing the appending thing (i.e. append IP to existing header)? The appending thing makes more sense...
Alex
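The two forms discussed in this thread (repeated "X-Forwarded-for" lines and a single comma-separated list) carry the same hop list, and a backend should read either one from the right, skipping only its own proxies, because anything further left can be set by the caller. The following is an added example, not part of the original messages and not Pound code; the proxy address 192.0.2.10 and the function names are assumptions made for illustration.

```python
import ipaddress

def forwarded_chain(headers):
    """Merge every X-Forwarded-For line, in arrival order, into one hop list."""
    hops = []
    for name, value in headers:
        if name.lower() == "x-forwarded-for":
            hops.extend(p.strip() for p in value.split(",") if p.strip())
    return hops

def client_ip(headers, peer_ip, trusted_proxies):
    """Return the address nearest to us that is not one of our own proxies."""
    trusted = [ipaddress.ip_network(n) for n in trusted_proxies]

    def is_trusted(ip):
        return any(ip in net for net in trusted)

    current = ipaddress.ip_address(peer_ip)   # the TCP peer is the only fact we observed
    for hop in reversed(forwarded_chain(headers)):
        if not is_trusted(current):
            break                             # hops left of an untrusted address are claims
        try:
            current = ipaddress.ip_address(hop)
        except ValueError:
            break                             # unparsable entry: keep the last verified address
    return str(current)

# Constructed sample: the two header lines seen in the tcpdump above, as the
# backend would receive them from a Pound assumed to run at 192.0.2.10.
SAMPLE_DUPLICATED = [
    ("Host", "example.test"),
    ("X-Forwarded-for", "10.1.2.3"),      # already present when the request reached Pound
    ("X-Forwarded-for", "192.168.3.5"),   # added by Pound: the address that connected to it
]
# The same hops in the appended, single-header form.
SAMPLE_APPENDED = [("X-Forwarded-For", "10.1.2.3, 192.168.3.5")]

if __name__ == "__main__":
    for sample in (SAMPLE_DUPLICATED, SAMPLE_APPENDED):
        print(forwarded_chain(sample), client_ip(sample, "192.0.2.10", ["192.0.2.10/32"]))
```

Taking the first (leftmost) entry instead would return 10.1.2.3 here, a value the proxy never verified.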


