Use last X-Forwarded-For header (#367)

This header is non-standard but AWS seems to need this.
2025-07-08 20:28:30 +00:00 · 2022-03-14 17:21:15 -07:00 · 2022-03-14 17:21:15 -07:00 · 2a938b3eaa
commit 2a938b3eaa
parent cfc557f7c7
4 changed files with 16 additions and 5 deletions
--- a/tool/net/help.txt
+++ b/tool/net/help.txt
@ -574,7 +574,8 @@ FUNCTIONS
           Returns client ip4 address and port, e.g. 0x01020304,31337 would
           represent 1.2.3.4:31337. This is the same as GetClientAddr except
           it will use the ip:port from the X-Forwarded-For header, only if
-           IsPrivateIp or IsLoopbackIp return true.
+           IsPrivateIp or IsLoopbackIp return true. When multiple addresses
+           are present in the header, the last/right-most address is used.

   GetClientAddr() → ip:uint32,port:uint16
           Returns client socket ip4 address and port, e.g. 0x01020304,31337
--- a/tool/net/redbean.c
+++ b/tool/net/redbean.c
@ -822,8 +822,12 @@ static inline void GetRemoteAddr(uint32_t *ip, uint16_t *port) {
  GetClientAddr(ip, port);
  if (HasHeader(kHttpXForwardedFor) &&
      (IsPrivateIp(*ip) || IsLoopbackIp(*ip))) {
-    ParseForwarded(HeaderData(kHttpXForwardedFor),
-                   HeaderLength(kHttpXForwardedFor), ip, port);
+    if (ParseForwarded(HeaderData(kHttpXForwardedFor),
+                       HeaderLength(kHttpXForwardedFor),
+                       ip, port) == -1)
+      WARNF("invalid X-Forwarded-For value: %`'.*s",
+            HeaderLength(kHttpXForwardedFor),
+            HeaderData(kHttpXForwardedFor));
  }
 }