handling X-Forwarded-For when using reverse proxy



  • I don’t know if my reverse proxy configuration is messed up or if this is a z-push issue. As far as I know, X-Forwarded-For can hold a list of multiple IP addresses.
    Once I have the following option defined in z-push.conf:

        define('USE_CUSTOM_REMOTE_IP_HEADER', 'X-Forwarded-For');
    

    I can see messages in z-push.log like:

    01/06/2018 11:08:59 [28617] [ INFO] [darian] cmd='Ping' memory='3.41 MiB/3.75 MiB' time='60.09s' devType='Android' devId='nine621b3e876d5d' getUser='darian' from='badip-80.181.17.109192.168.10.32' idle='60s' version='2.4.2+0' method='POST' httpcode='200'
    

    The actual client ip was 80.181.17.109. My reverse proxy passed a list of IPs, the client_ip and the proxy_ip: “80.181.17.109, 192.168.10.32”. Obviously such string cannot be identified as a valid IP address and hence I get the badip messages.


  • Kopano

    Hi Darian,

    thanks for reporting this. I’ve created a JIRA issue: https://jira.z-hub.io/browse/ZP-1434.

    Manfred


Log in to reply