another X-Forwarded-For thread #73
Description
Is it considered OK that XFF messes up ipify logic:
$ curl 'https://api.ipify.org?format=json'
{"ip":"-.-.-.60"} <-- correct IP blanked out
$ curl -H "X-Forwarded-For: 127.0.0.1" 'https://api.ipify.org?format=json'
{"ip":"127.0.0.1"}
Asking as some user was using ipify.org output saying I do not know what I was talking about, but it is in fact ipify.org that does not know how to handle XFFs properly
At least it knows to strip out rightmost XFFs, which is good:
curl -H "X-Forwarded-For: 127.0.0.1,255.255.255.255" 'https://api.ipify.org?format=json'
{"ip":"127.0.0.1"}
-Eric