Fix extraction of IPv6 addresses from "Forwarded" header field (!45) · Merge requests · Hugo Leisink / Hiawatha web server

Joachim Kross requested to merge demsjf8/hiawatha:demsjf8-master-patch-17499 into master Oct 19, 2023

IPv6 addresses in the "Forwarded" header field are not only enclosed by double quotes, but also by square brackets (*). Those need to be removed as well before attempting to extract the actual IPv6 address.

Currently, extraction of an IPv6 address from a "Forwarded" header field always fails with RFC-compliant "Forwarded" header fields (**). This affects e.g. access control, rate limiting, and logging.

* This is in contrast to the "X-Forwarded-For" header field, where neither quotes nor brackets are used with IPv6 addresses.

** See the examples in RFC 7239, which e.g. Apache Traffic Server 8.1.7 adheres to.

Admin message

Fix extraction of IPv6 addresses from "Forwarded" header field

Merge request reports