# HG changeset patch
# User Marcin Kuzminski <marcin@python-works.com>
# Date 2013-01-08 20:42:48
# Node ID 8046d1979674d807c7cffcb36e0d468e5e04a41d
# Parent  46234d2d388fc4d019e38accbd8bf714a8476bd2

fix multiple ips addresses in X_FORWARDER_FOR header

diff --git a/rhodecode/lib/base.py b/rhodecode/lib/base.py
--- a/rhodecode/lib/base.py
+++ b/rhodecode/lib/base.py
@@ -37,13 +37,18 @@ def _get_ip_addr(environ):
     proxy_key2 = 'HTTP_X_FORWARDED_FOR'
     def_key = 'REMOTE_ADDR'
 
-    ip = environ.get(proxy_key2)
+    ip = environ.get(proxy_key)
     if ip:
         return ip
 
-    ip = environ.get(proxy_key)
-
+    ip = environ.get(proxy_key2)
     if ip:
+        # HTTP_X_FORWARDED_FOR can have mutliple ips inside
+        # the left-most being the original client, and each successive proxy 
+        # that passed the request adding the IP address where it received the 
+        # request from.
+        if ',' in ip:
+            ip = ip.split(',')[0].strip()
         return ip
 
     ip = environ.get(def_key, '0.0.0.0')