Skip to content

HTTPS clone URL

Subversion checkout URL

You can clone with
or
.
Download ZIP
Browse files

Fixed #3872 -- Fixed incorrect handling of HTTP_X_FORWARDED_FOR in Se…

…tRemoteAddrFromForwardedFor. Thanks, Simon Willison and gregorth

git-svn-id: http://code.djangoproject.com/svn/django/trunk@6364 bcc190cf-cafb-0310-a4f2-bffc1f526a37
  • Loading branch information...
commit 0f4fb9755cb91389a500629da0fe1739afbc2a20 1 parent 4541a4d
@adrianholovaty adrianholovaty authored
Showing with 3 additions and 2 deletions.
  1. +3 −2 django/middleware/http.py
View
5 django/middleware/http.py
@@ -55,6 +55,7 @@ def process_request(self, request):
return None
else:
# HTTP_X_FORWARDED_FOR can be a comma-separated list of IPs.
- # Take just the first one.
- real_ip = real_ip.split(",")[0]
+ # Take just the last one.
+ # See http://bob.pythonmac.org/archives/2005/09/23/apache-x-forwarded-for-caveat/
+ real_ip = real_ip.split(",")[-1].strip()
request.META['REMOTE_ADDR'] = real_ip

0 comments on commit 0f4fb97

Please sign in to comment.
Something went wrong with that request. Please try again.