Skip to content
This repository

HTTPS clone URL

Subversion checkout URL

You can clone with HTTPS or Subversion.

Download ZIP
Browse code

Fixed #3872 -- Fixed incorrect handling of HTTP_X_FORWARDED_FOR in Se…

…tRemoteAddrFromForwardedFor. Thanks, Simon Willison and gregorth

git-svn-id: http://code.djangoproject.com/svn/django/trunk@6364 bcc190cf-cafb-0310-a4f2-bffc1f526a37
  • Loading branch information...
commit 0f4fb9755cb91389a500629da0fe1739afbc2a20 1 parent 4541a4d
Adrian Holovaty authored September 16, 2007

Showing 1 changed file with 3 additions and 2 deletions. Show diff stats Hide diff stats

  1. 5  django/middleware/http.py
5  django/middleware/http.py
@@ -55,6 +55,7 @@ def process_request(self, request):
55 55
             return None
56 56
         else:
57 57
             # HTTP_X_FORWARDED_FOR can be a comma-separated list of IPs.
58  
-            # Take just the first one.
59  
-            real_ip = real_ip.split(",")[0]
  58
+            # Take just the last one.
  59
+            # See http://bob.pythonmac.org/archives/2005/09/23/apache-x-forwarded-for-caveat/
  60
+            real_ip = real_ip.split(",")[-1].strip()
60 61
             request.META['REMOTE_ADDR'] = real_ip

0 notes on commit 0f4fb97

Please sign in to comment.
Something went wrong with that request. Please try again.