Fixed #3872 -- Fixed incorrect handling of HTTP_X_FORWARDED_FOR in…

Fixed #3872 -- Fixed incorrect handling of HTTP_X_FORWARDED_FOR in SetRemoteAddrFromForwardedFor. Thanks, Simon Willison and gregorth git-svn-id: http://code.djangoproject.com/svn/django/trunk@6364 bcc190cf-cafb-0310-a4f2-bffc1f526a37

Fixed #3872 -- Fixed incorrect handling of HTTP_X_FORWARDED_FOR in…
Fixed #3872 -- Fixed incorrect handling of HTTP_X_FORWARDED_FOR in SetRemoteAddrFromForwardedFor. Thanks, Simon Willison and gregorth git-svn-id: http://code.djangoproject.com/svn/django/trunk@6364 bcc190cf-cafb-0310-a4f2-bffc1f526a37
0f4fb975 · Adrian Holovaty · 4541a4d3 · 0f4fb975
Kaydet (Commit) 0f4fb975 authored Eyl 16, 2007 tarafından Adrian Holovaty
Hide whitespace changes
Inline Side-by-side

Showing with 3 additions and 2 deletions

http.py django/middleware/http.py +3 -2

No files found.
--- a/django/middleware/http.py
+++ b/django/middleware/http.py
@@ -55,6 +55,7 @@ class SetRemoteAddrFromForwardedFor(object):
            return None
        else:
            # HTTP_X_FORWARDED_FOR can be a comma-separated list of IPs.
-            # Take just the first one.
-            real_ip = real_ip.split(",")[0]
+            # Take just the last one.
+            # See http://bob.pythonmac.org/archives/2005/09/23/apache-x-forwarded-for-caveat/
+            real_ip = real_ip.split(",")[-1].strip()
            request.META['REMOTE_ADDR'] = real_ip