Use leftmost address when parsing `X-Forwarded-For` header for client IP
When a client passes through multiple proxies, each subsequent address is appended to the X-Forwarded-For header, resulting in a comma-separated list of IP addresses:
```
X-Forwarded-For: <client>, <proxy1>, <proxy2>
```
Right now BridgeDB only looks for the client's IP in the rightmost address:

```python
if useForwardedHeader:
    header = request.getHeader("X-Forwarded-For")
    if header:
        index = -1
        ip = header.split(",")[index].strip()
        if skipLoopback:
            logging.info(("Parsing X-Forwarded-For again, ignoring "
                          "loopback addresses..."))
            while isLoopback(ip):
                index -= 1
                ip = header.split(",")[index].strip()
        if not skipLoopback and isLoopback(ip):
            logging.warn("Accepting loopback address: %s" % ip)
        else:
            if not isIPAddress(ip):
                logging.warn("Got weird X-Forwarded-For value %r" % header)
                ip = None
```
This causes trouble with our Moat and Apache ProxyPass setup, which results in X-Forwarded-For headers like the following:
```
X-Forwarded-For: <client>, ... <proxies> ... <local address>
```
I think we should modify this to parse the addresses from left to right, ignoring loopback/internal addresses, until we find a valid address for the client.
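
A sketch of the left-to-right parsing proposed above, next to the rightmost-only lookup for comparison. This is an added example, not BridgeDB's code: the function names, the `INTERNAL_NETS` list and the sample headers are assumptions constructed for illustration.

```python
import ipaddress

# Loopback, RFC 1918, link-local and IPv6 unique-local ranges, treated as "internal".
INTERNAL_NETS = [ipaddress.ip_network(n) for n in (
    "127.0.0.0/8", "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
    "169.254.0.0/16", "::1/128", "fc00::/7", "fe80::/10")]

def _parse(token):
    """Return an address object for one header entry, or None if malformed."""
    try:
        return ipaddress.ip_address(token.strip())
    except ValueError:
        return None

def is_internal(addr):
    return any(addr.version == net.version and addr in net
               for net in INTERNAL_NETS)

def client_ip_leftmost(header):
    """First valid, non-internal entry reading left to right, else None.

    Entries to the left of the first proxy you operate are supplied by the
    client, so treat the result as a hint unless that proxy overwrites the
    header rather than appending to it.
    """
    for token in (header or "").split(","):
        addr = _parse(token)
        if addr is not None and not is_internal(addr):
            return str(addr)
    return None

def client_ip_rightmost(header):
    """Rightmost entry only, for comparison with the behaviour quoted above."""
    addr = _parse(header.split(",")[-1])
    return str(addr) if addr is not None else None

# Constructed sample headers (documentation-range addresses, not real traffic).
SAMPLES = [
    "203.0.113.7, 10.0.0.5, 127.0.0.1",     # client, internal proxy, local address
    "127.0.0.1, 198.51.100.23, 127.0.0.1",  # leading loopback is skipped
    "not-an-ip, 2001:db8::1",               # malformed entry is skipped
    "10.0.0.5, 127.0.0.1",                  # no usable address
]

if __name__ == "__main__":
    for h in SAMPLES:
        print("%-40s leftmost=%s rightmost=%s"
              % (h, client_ip_leftmost(h), client_ip_rightmost(h)))
```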