diff options
| author | Joseph Tate <jtate@dragonstrider.com> | 2014-03-06 16:23:42 -0500 |
|---|---|---|
| committer | Joseph Tate <jtate@dragonstrider.com> | 2014-03-06 16:23:42 -0500 |
| commit | 6f7d0c025ec745b7b7ccb1d1784df3a5cff739de (patch) | |
| tree | aaa326714f9ea05c8fb619f9e2b74e52edb2d105 | |
| parent | 3138be4b3659e32cba905d62b2f90b536a2a0742 (diff) | |
| download | cherrypy-6f7d0c025ec745b7b7ccb1d1784df3a5cff739de.tar.gz | |
Fix bug #1268, X-Forwarded-For IP order
| -rw-r--r-- | cherrypy/lib/cptools.py | 5 | ||||
| -rw-r--r-- | cherrypy/test/test_proxy.py | 3 |
2 files changed, 4 insertions, 4 deletions
diff --git a/cherrypy/lib/cptools.py b/cherrypy/lib/cptools.py index 84b8fad0..134c8e47 100644 --- a/cherrypy/lib/cptools.py +++ b/cherrypy/lib/cptools.py @@ -209,9 +209,8 @@ def proxy(base=None, local='X-Forwarded-Host', remote='X-Forwarded-For', cherrypy.log('Testing remote %r:%r' % (remote, xff), 'TOOLS.PROXY') if xff: if remote == 'X-Forwarded-For': - # See - # http://bob.pythonmac.org/archives/2005/09/23/apache-x-forwarded-for-caveat/ - xff = xff.split(',')[-1].strip() + #Bug #1268 + xff = xff.split(',')[0].strip() request.remote.ip = xff diff --git a/cherrypy/test/test_proxy.py b/cherrypy/test/test_proxy.py index 49356448..821a4e52 100644 --- a/cherrypy/test/test_proxy.py +++ b/cherrypy/test/test_proxy.py @@ -83,11 +83,12 @@ class ProxyTest(helper.CPWebCase): self.getPage("/remoteip", headers=[('X-Forwarded-For', '192.168.0.20')]) self.assertBody("192.168.0.20") + #Fix bug #1268 self.getPage("/remoteip", headers=[ ('X-Forwarded-For', '67.15.36.43, 192.168.0.20') ]) - self.assertBody("192.168.0.20") + self.assertBody("67.15.36.43") # Test X-Host (lighttpd; see https://trac.lighttpd.net/trac/ticket/418) self.getPage("/xhost", headers=[('X-Host', 'www.example.test')]) |