W3C home > Mailing lists > Public > ietf-http-wg@w3.org > July to September 2008

Re: X-Forwarded-For and IPv6?

From: Mark Nottingham <mnot@mnot.net>
Date: Mon, 15 Sep 2008 12:51:51 +1000
Cc: ietf-http-wg@w3.org
Message-Id: <6815D502-28F9-4781-A904-C0D0528C6BFF@mnot.net>
To: Adrian Chadd <adrian@creative.net.au>

Not sure what other intermediaries are doing here, but it seems to me  
that it might require a new header, since I'd imagine most software  
would be built with the assumption of  ipv4.

Such a new header would need to include ipv4 *and* 6 addresses in it  
(to allow the receiver to reconstruct the chain properly).

If you do mint a new header, please please please don't prepend X-...

Cheers,


On 27/08/2008, at 10:55 PM, Adrian Chadd wrote:

>
> G'day,
>
> It strikes me that there may be a variety of software out there  
> expecting
> IPv4-only like strings in X-Forwarded-For (and making security  
> decisions
> based on them!) and introducing IPv6-aware intermediaries may  
> confuse things
> somewhat.
>
> Squid has grown IPv6 support and from what I recall, shuffles IPv6 IP
> strings into the XFF header. I'll have to re-check the code though.
>
> Just out of curiousity, what are other intermediaries doing for IPv6
> addresses inside X-Forwarded-For headers?
>
>
>
>
> Adrian
>
>
>


--
Mark Nottingham     http://www.mnot.net/
Received on Monday, 15 September 2008 02:52:30 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Friday, 27 April 2012 06:50:54 GMT