karlheyes / icecast-kh

KH branch of icecast
GNU General Public License v2.0

Wrong IP in access logs when a mount is accessed right after a static resource behind a proxy #348

Closed pteich closed 1 year ago

pteich commented 3 years ago

We are using Icecast 2.4.0-kh15 behind a proxy that forwards every request (to mounts and static content) with a correct X-Forwarded-For HTTP header.

We noticed that every request to a regular mount is logged with a wrong IP when it happens right after an access to a static resource. In fact, the mount request is logged with the IP (from the X-Forwarded-For HTTP header) that accessed the static URL right before the mount request.

Example:

15.177.30.51 - - [01/Mar/2021:16:04:05 +0100] "GET /images/icecast.png HTTP/1.1" 200 5497 "-" "QC/Health" 0
15.177.38.51 - - [01/Mar/2021:16:04:05 +0100] "GET /sunsl-chillout-mp3-192-3900120? HTTP/1.0" 200 886887 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.16; rv:85.0) Gecko/20100101 Firefox/85.0" 6

The IP 15.177.38.51 is not the real IP that accessed /sunsl-chillout-mp3-192-3900120 (although the correct one was set in the X-Forwarded-For HTTP header). It was the IP for the previously logged call to /images/icecast.png.

The next mount requests are then logged with the right IP until the next request to a static resource happens.

jesseorr commented 3 years ago

Add this XFF tag to your paths section and include the IPs of the proxy servers. It can be repeated to add additional IPs.

   <paths>
     <x-forwarded-for>15.177.30.51</x-forwarded-for>
   </paths>

This will trust XFF headers from the specified addresses and utilize them as the client IP.

pteich commented 3 years ago

I forgot to mention that we've already added this setting for the proxy's IP to the Icecast config.

It works in general, but it seems that Icecast, whenever a static URL is accessed, keeps this remote IP in memory and then somehow logs this wrong IP by accident for the next request of a regular mount. After that, the next mount requests get correct IPs in the log.
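
A log-audit heuristic for the symptom described in this thread, added here as an example and not code from the Icecast project or from any commenter: it flags mount entries that directly follow a static-resource entry and carry the same IP but a different User-Agent. The `/images/` static prefix, the 2-second window and the sample lines (documentation-range IPs) are assumptions constructed for illustration.

```python
import re
from datetime import datetime

# Access-log layout as in the sample lines quoted in the issue.
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<path>\S+)[^"]*" '
    r'(?P<status>\d{3}) (?P<size>\d+) "[^"]*" "(?P<agent>[^"]*)" (?P<secs>\d+)\s*$'
)

def parse(line):
    """Parse one access-log line into a dict, or return None if it does not match."""
    m = LINE_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["ts"] = datetime.strptime(rec["ts"], "%d/%b/%Y:%H:%M:%S %z")
    return rec

def suspect_entries(lines, static_prefixes=("/images/",), max_gap=2):
    """Return (line_no, ip, path) for mount entries that directly follow a
    static entry, share its IP, but were sent by a different User-Agent."""
    hits, prev = [], None
    for no, line in enumerate(lines, 1):
        rec = parse(line)
        if rec is None:
            prev = None  # an unparseable line breaks adjacency
            continue
        # Assumption: static content lives under known prefixes; all else is a mount.
        rec["static"] = rec["path"].startswith(static_prefixes)
        if (prev and prev["static"] and not rec["static"]
                and rec["ip"] == prev["ip"]
                and rec["agent"] != prev["agent"]
                and abs((rec["ts"] - prev["ts"]).total_seconds()) <= max_gap):
            hits.append((no, rec["ip"], rec["path"]))
        prev = rec
    return hits

# Constructed sample: line 2 inherits the health checker's IP; lines 4-5 are one real client.
SAMPLE = '''\
203.0.113.7 - - [01/Mar/2021:16:04:05 +0100] "GET /images/icecast.png HTTP/1.1" 200 5497 "-" "QC/Health" 0
203.0.113.7 - - [01/Mar/2021:16:04:05 +0100] "GET /stream-a HTTP/1.0" 200 886887 "-" "Mozilla/5.0 Firefox/85.0" 6
198.51.100.20 - - [01/Mar/2021:16:04:09 +0100] "GET /stream-a HTTP/1.0" 200 120000 "-" "Mozilla/5.0 Firefox/85.0" 3
198.51.100.30 - - [01/Mar/2021:16:05:00 +0100] "GET /images/icecast.png HTTP/1.1" 200 5497 "-" "VLC/3.0" 0
198.51.100.30 - - [01/Mar/2021:16:05:01 +0100] "GET /stream-b HTTP/1.0" 200 4000 "-" "VLC/3.0" 9
'''.splitlines()

if __name__ == "__main__":
    for hit in suspect_entries(SAMPLE):
        print("possible misattributed client IP:", hit)
```

A hit is only a candidate: the same address with a different User-Agent can also be two clients behind one NAT, so confirm against the proxy's own access log, which sees the real client address.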