handling X-Forwarded-For when using reverse proxy
Darian last edited by
I don’t know if my reverse proxy configuration is messed up or if this is a z-push issue. As far as I know, X-Forwarded-For can hold a list of multiple IP addresses.
Once I have the following option defined in z-push.conf:
I can see messages in z-push.log like:
01/06/2018 11:08:59  [ INFO] [darian] cmd='Ping' memory='3.41 MiB/3.75 MiB' time='60.09s' devType='Android' devId='nine621b3e876d5d' getUser='darian' from='badip-184.108.40.206192.168.10.32' idle='60s' version='2.4.2+0' method='POST' httpcode='200'
The actual client ip was 220.127.116.11. My reverse proxy passed a list of IPs, the client_ip and the proxy_ip: “18.104.22.168, 192.168.10.32”. Obviously such string cannot be identified as a valid IP address and hence I get the badip messages.
thanks for reporting this. I’ve created a JIRA issue: https://jira.z-hub.io/browse/ZP-1434.