Skip to content

Issue #3425451: Multiple IPs returning, split and use 1st one

Hari Venurequested to merge
issue/reverse_proxy_header-3425451:1.0.x into 1.1.x

Refactor IP Address Validation for Reverse Proxy Header

Description:

This PR refactors the logic for determining the client's IP address from the reverse proxy header. Instead of picking the first IP in the list and validating it, the code now iterates through all IPs in the header and selects the first valid one.

Changes:

  • Updated logic to loop through all IPs in the reverse_proxy_header and validate each one.
  • Assigned the first valid IP as the connecting IP and updated REMOTE_ADDR.
  • Enhanced error handling and logging for invalid or empty IPs in the header.
  • Preserved secure connection states by ensuring proper handling of the HTTPS flag.
  • Improved resilience for scenarios with multiple invalid IPs.

Why:

This change ensures that the most reliable and valid IP address is used, addressing potential issues with invalid or incorrectly ordered IPs in the header.

Testing:

  • Tested with various headers containing valid and invalid IP combinations.
  • Verified proper assignment of valid IPs and appropriate logging for invalid ones.
  • Confirmed secure connection handling remains intact.

Please review the changes and provide feedback.

Merge request reports