Edgewall Software

Opened 8 years ago

Closed 7 years ago

Last modified 7 years ago

#11718 closed defect (wontfix)

Logged IP behind proxy

Reported by: ak Owned by: Jun Omae
Priority: normal Milestone:
Component: general Version: 1.0.1
Severity: minor Keywords: patch proxy
Cc: Branch:
Release Notes:
API Changes:
Internal Changes:


If Nginx is used behind a proxy like Nginx, the IP of the author is always logged as This is not desirable. The following patch can be used:

  • trac/web/api.py

    348348    @property
    349349    def remote_addr(self):
    350350        """IP address of the remote user"""
    351         return self.environ.get('REMOTE_ADDR')
     351        return self.environ.get('HTTP_X_REAL_IP') or self.environ.get('REMOTE_ADDR')
    353353    @property
    354354    def remote_user(self):

Attachments (0)

Change History (8)

comment:1 by Jun Omae, 8 years ago

Milestone: next-stable-1.0.x

Using X-Real-IP would be to avoid troubles. But, I think X-Forwarded-For is in more common use.

  • trac/web/api.py

    diff --git a/trac/web/api.py b/trac/web/api.py
    index 6777b1c..2e0ef97 100644
    a b class Request(object):  
    382382        """Query part of the request"""
    383383        return self.environ.get('QUERY_STRING', '')
     385    _x_forwarded_for_re = re.compile(r'\s*,\s*')
    385387    @property
    386388    def remote_addr(self):
    387389        """IP address of the remote user"""
     390        value = self.environ.get('HTTP_X_REAL_IP')
     391        if value:
     392            return value
     393        value = self.environ.get('HTTP_X_FORWARDED_FOR')
     394        if value:
     395            # first address is the original client
     396            return self._x_forwarded_for_re.split(value)[0]
    388397        return self.environ.get('REMOTE_ADDR')
    390399    @property

comment:2 by ak, 8 years ago

Keywords: patch added

Patch is included. I believe it is customary to add a keyword.

comment:3 by Jun Omae, 8 years ago

Keywords: proxy added
Milestone: next-stable-1.0.x1.0.3
Owner: set to Jun Omae
Status: newassigned

comment:4 by Jun Omae, 8 years ago


comment:5 by Ryan J Ollos, 8 years ago


comment:6 by Jun Omae, 7 years ago

After reconsideration, I'd suggest wontfix. We cannot always trust X-Real-IP header since anyone can send it with any value.

Instead, add the following to your *.wsgi script.

_known_remotes = ['']  # replace with your proxy's addresses

def application(environ, start_request):
    if 'HTTP_X_REAL_IP' in environ and \
            environ.get('REMOTE_ADDR') in _known_remotes:
        environ['REMOTE_ADDR'] = environ['HTTP_X_REAL_IP']
    from trac.web.main import dispatch_request
    return dispatch_request(environ, start_request)

comment:7 by Jun Omae, 7 years ago

Milestone: 1.0.5
Resolution: wontfix
Status: assignedclosed


comment:8 by Peter Suter, 7 years ago

(X-Forwarded-For was also discussed in #5199 and #863.)

Modify Ticket

Change Properties
Set your email in Preferences
as closed The owner will remain Jun Omae.
The resolution will be deleted. Next status will be 'reopened'.
to The owner will be changed from Jun Omae to the specified user.

Add Comment

E-mail address and name can be saved in the Preferences .
Note: See TracTickets for help on using tickets.