Permalink
Browse files

Fixed #3872 -- Fixed incorrect handling of HTTP_X_FORWARDED_FOR in Se…

…tRemoteAddrFromForwardedFor. Thanks, Simon Willison and gregorth

git-svn-id: http://code.djangoproject.com/svn/django/trunk@6364 bcc190cf-cafb-0310-a4f2-bffc1f526a37
  • Loading branch information...
1 parent 4541a4d commit 0f4fb9755cb91389a500629da0fe1739afbc2a20 @adrianholovaty adrianholovaty committed Sep 16, 2007
Showing with 3 additions and 2 deletions.
  1. +3 −2 django/middleware/http.py
View
5 django/middleware/http.py
@@ -55,6 +55,7 @@ def process_request(self, request):
return None
else:
# HTTP_X_FORWARDED_FOR can be a comma-separated list of IPs.
- # Take just the first one.
- real_ip = real_ip.split(",")[0]
+ # Take just the last one.
+ # See http://bob.pythonmac.org/archives/2005/09/23/apache-x-forwarded-for-caveat/
+ real_ip = real_ip.split(",")[-1].strip()
request.META['REMOTE_ADDR'] = real_ip

0 comments on commit 0f4fb97

Please sign in to comment.