snapframework / snap-core

Core type definitions (Snap monad, HTTP types, etc) and utilities for web handlers.
http://snapframework.com/
BSD 3-Clause "New" or "Revised" License

Fix handling of X-Forwarded-For. #272

Closed galenhuntington closed 7 years ago

galenhuntington commented 7 years ago

The X_Forwarded_For proxy type isn't handled correctly:

  1. The code attempts to parse a port out of the X-Forwarded-For header. But proxies don't send the port in this header (as far as I know). When sent at all, X-Forwarded-Port is used.

  2. The parsing splits on a : to find the port. This breaks IPv6 addresses, which are colon-separated. So, it interprets the first hextet (such as 2600) as the user IP, and tries to get a decimal port out of the second hextet, which of course is a bad result.

  3. It does parsing even if there is no forwarding header, that is, to the original rqClientAddr. This is inefficient, and also means that IPv6 addresses break even when the request is not forwarded.

This PR fixes these issues, and supports X-Forwarded-Port. I also add a check that X-Forwarded-For is not empty.
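To make the three defects concrete, the following is an added illustration in Python (not code from the snap-core repository or from this PR, and not a port of its Haskell): one function reproduces the flawed colon-splitting so the IPv6 breakage is visible, the other implements the behaviour the PR describes (leave the socket address alone when there is no forwarding header, take the first X-Forwarded-For entry whole, and read the port from X-Forwarded-Port). The header names are the standard ones; the function names and the sample addresses are constructed for the example.

```python
"""Flawed versus corrected derivation of the client address behind a proxy.

Added example, not snap-core's own code. Function names and sample values
are constructed for illustration.
"""
from typing import Dict, Optional, Tuple


def buggy_remote_addr(
    xff: Optional[str], client_addr: str, client_port: int
) -> Tuple[str, Optional[int]]:
    """Reproduces the defects described in the PR.

    The value parsed is X-Forwarded-For when present, otherwise the socket
    peer address, so parsing runs even with no proxy involved (defect 3).
    It then splits on ':' to find a port that proxies do not send (defect 1),
    which for an IPv6 address yields the first hextet as the "address" and a
    failed decimal parse of the second hextet as the "port" (defect 2).
    """
    raw = xff if xff is not None else client_addr
    first = raw.split(",")[0].strip()
    host, sep, port_text = first.partition(":")
    if not sep:
        return host, client_port
    # "db8" or "1f18" is not decimal, so the port is lost; "2001" is not the client.
    port = int(port_text) if port_text.isdigit() else None
    return host, port


def fixed_remote_addr(
    headers: Dict[str, str], client_addr: str, client_port: int
) -> Tuple[str, int]:
    """Behaviour the PR asks for.

    - No X-Forwarded-For header, or an empty one: return the socket peer
      address and port untouched, with no string parsing at all.
    - Otherwise the client is the first comma-separated entry, taken whole,
      so colon-separated IPv6 addresses survive.
    - The port comes from X-Forwarded-Port when it is a valid decimal port,
      else the socket peer port.

    Only call this for connections arriving from a proxy you control: both
    headers are supplied by whoever sent the request.
    """
    lowered = {name.lower(): value for name, value in headers.items()}
    xff = lowered.get("x-forwarded-for", "").strip()
    if not xff:
        return client_addr, client_port
    addr = xff.split(",")[0].strip()
    if not addr:
        return client_addr, client_port
    port_text = lowered.get("x-forwarded-port", "").strip()
    port = client_port
    if port_text.isdigit() and 0 < int(port_text) < 65536:
        port = int(port_text)
    return addr, port


# Constructed requests: an IPv6 client behind a proxy, and a direct IPv6 client.
PROXIED_V6 = {"X-Forwarded-For": "2001:db8::1234", "X-Forwarded-Port": "443"}
DIRECT_V6_PEER = ("2001:db8::1", 5555)

if __name__ == "__main__":
    print("buggy, proxied :", buggy_remote_addr(PROXIED_V6["X-Forwarded-For"], "10.0.0.1", 5555))
    print("fixed, proxied :", fixed_remote_addr(PROXIED_V6, "10.0.0.1", 5555))
    print("buggy, direct  :", buggy_remote_addr(None, *DIRECT_V6_PEER))
    print("fixed, direct  :", fixed_remote_addr({}, *DIRECT_V6_PEER))
```

Running it shows the flawed path reporting `('2001', None)` for both the proxied and the direct IPv6 request, while the corrected path returns the full address and the forwarded or socket port.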