Open
Description
The X-Forwarded-For header is parsed incorrectly in the THttpRequest::originatingClientAddress() function:
1. There may be multiple X-Forwarded-For headers in a request.
2. The originatingClientAddress() does not check whether clientAddress() is a trusted proxy - the clientAddress() is not included in X-Forwarded-For.
3. When splitting X-Forwarded-For, don't use Tf::SkipEmptyParts.
See article:
https://httptoolkit.com/blog/what-is-x-forwarded-for/
Also there is no possibility to define proxy IP ranges.
Such a feature would be useful for TreeFrog to be able to work with Cloudflare proxy servers:
https://www.cloudflare.com/ips/
Some time ago I made a pull request #296 that helps solve these problems (except bug 1), but it was not merged.
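
The three parsing points above and the proxy-range request, as an added sketch in plain C++ (not TreeFrog code and not the code from pull request #296). Assumptions: IPv4 only, the names `Cidr`, `trusted` and `originatingClient` are hypothetical, the addresses are constructed documentation ranges, and stopping at an empty or malformed element is a choice made for this sketch.

```cpp
#include <arpa/inet.h>
#include <cstdint>
#include <cstdio>
#include <string>
#include <vector>

struct Cidr { std::string net; int bits; };  // IPv4 network and prefix length (hypothetical type)

static bool parseIp(const std::string &s, uint32_t &out) {
    in_addr a;
    if (inet_pton(AF_INET, s.c_str(), &a) != 1) return false;
    out = ntohl(a.s_addr);
    return true;
}

static bool trusted(const std::string &ip, const std::vector<Cidr> &proxies) {
    uint32_t v, n;
    if (!parseIp(ip, v)) return false;
    for (const Cidr &c : proxies) {
        uint32_t m = c.bits ? ~uint32_t(0) << (32 - c.bits) : 0;
        if (parseIp(c.net, n) && (v & m) == (n & m)) return true;
    }
    return false;
}

// peer: TCP peer address; xff: every X-Forwarded-For header value, in request order.
std::string originatingClient(const std::string &peer, const std::vector<std::string> &xff,
                              const std::vector<Cidr> &proxies) {
    std::vector<std::string> hops;
    for (const std::string &h : xff)              // multiple headers form one list
        for (size_t start = 0, comma = 0; comma != std::string::npos; start = comma + 1) {
            comma = h.find(',', start);
            std::string part = h.substr(start, comma - start);
            size_t b = part.find_first_not_of(" \t"), e = part.find_last_not_of(" \t");
            hops.push_back(b == std::string::npos ? "" : part.substr(b, e - b + 1));  // keep empty parts
        }
    std::string client = peer;                    // the peer itself is not listed in the header
    for (auto it = hops.rbegin(); it != hops.rend() && trusted(client, proxies); ++it) {
        uint32_t v;
        if (!parseIp(*it, v)) break;              // empty or malformed: stop at last verified hop
        client = *it;
    }
    return client;
}

int main() {
    std::vector<Cidr> proxies = {{"198.51.100.0", 24}};  // constructed sample proxy range
    std::puts(originatingClient("198.51.100.5", {"10.0.0.1, 203.0.113.7"}, proxies).c_str());
}
```

The list is walked from right to left starting at the peer, so a value a client puts at the left of the header is never reached unless every hop after it is a trusted proxy.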