From 2a507fcac5dc0791d9bc1a4bcf070cae0558a17b Mon Sep 17 00:00:00 2001 From: calzoneman Date: Thu, 17 Apr 2014 00:03:32 -0500 Subject: [PATCH] Fix incorrect parsing of x-forwarded-for in webserver.ipForRequest --- lib/web/webserver.js | 13 ++++++++++--- 1 file changed, 10 insertions(+), 3 deletions(-) diff --git a/lib/web/webserver.js b/lib/web/webserver.js index cf98e969..67fd7c19 100644 --- a/lib/web/webserver.js +++ b/lib/web/webserver.js @@ -37,11 +37,18 @@ function ipForRequest(req) { var ip = req.ip; if (ip === "127.0.0.1" || ip === "::1") { var xforward = req.header("x-forwarded-for"); - if (typeof xforward !== "string" || !net.isIP(xforward)) { - return ip; + if (typeof xforward !== "string") { + xforward = []; } else { - return xforward; + xforward = xforward.split(","); } + + for (var i = 0; i < xforward.length; i++) { + if (net.isIP(xforward[i])) { + return xforward[i]; + } + } + return ip; } return ip; }