Jon, it's the responsibility of your proxy to set X-Forwarded-For, and of the Application to check :port if it cares about the real port, or the X-Forwarded-For list in the case that you acknowledge the request might be proxied.
Often XFF can be used to trick sites that use it for some `security` (not your case) as the client can spoof it.
In case you use NGinx, at least you can specify to proxy transparently (completely) - so your app wouldn't be any wiser.
Some proxies (Akamai) will also set a True-Client-IP header to the value set last in XFF.
Hope that makes sense Jon (would be nice to have a standard Ruby way to look at the proxies & original client info from the `smart` places, as it comes up for a lot of people. Here's a snippet of a nginx backend configuration that solved this in the easiest way for me.
https://gist.github.com/46cc2ba95794f5c92693
- Lee
On 28 November 2010 15:21, Jon Leighton
<j@jonathanleighton.com> wrote:
Hi there,
I have encountered a problem with redirects with Sinatra proxied by
Apache. Basically, the port number of the backend application server
(Mongrel or whatever) will appear in the Location header.
I've done a fairly extensive investigation here: https://github.com/jonleighton/redirect_test
If you read README.md it basically explains everything in detail, but
what it boils down to is this: Rack::Request#port is incorrect, in
that it uses SERVER_PORT when no explicit port is given by
host_with_port.
Rails is not affected, since it implements its own
ActionDispatch::Request#port method. I believe the Rails
implementation is correct and should be implemented in Rack.
If people agree with this analysis then I'm happy to produce a patch
against Rack.
Cheers,
Jon
--
http://jonathanleighton.com/