Ticket #3872: SetRemoteAddrFromForwardedFor.diff

File SetRemoteAddrFromForwardedFor.diff, 665 bytes (added by Grzegorz Ślusarek, 17 years ago)

patch against revision 6213

  • django/middleware/http.py

     
    5555            return None
    5656        else:
    5757            # HTTP_X_FORWARDED_FOR can be a comma-separated list of IPs.
    58             # Take just the first one.
    59             real_ip = real_ip.split(",")[0]
     58            # according to http://bob.pythonmac.org/archives/2005/09/23/apache-x-forwarded-for-caveat/
     59            # we take last element of the list
     60            real_ip = real_ip.split(",")[-1].strip()
    6061            request.META['REMOTE_ADDR'] = real_ip
Back to Top