X Forwarded For Single Header Insert
Published Mar 18, 2015
Version 1.0Was this article helpful?
The HTTP::header page says about
HTTP::header replace []
the following: 
Replaces the value of the last occurrence of the header named with the string . This command performs a header insertion if the header was not present. If there are multiple instances of the header, only the last instance is replaced.
 
 
Just wondering, wouldn't it be safer to remove all existing instances of
X-Forwarded-For
first, and then insert our own? That would make sure there's really only one instance of X-Forwarded-For
passed to the back-end web application: 
when HTTP_REQUEST {
HTTP::header remove X-Forwarded-For
HTTP::header insert X-Forwarded-For [IP::client_addr]
}