client_ip with X-Forwarded-For + Rack

[zl4bv]

When using the Rack middleware and client IPs are being set via the X-Forwarded-For header, it looks like the client IP is being sent to the X-Ray service as the last character of the header value.

Rackup snippet for reproduction:

# config.ru
require 'aws-xray-sdk'
require 'aws-xray-sdk/facets/rack'

XRay.recorder.configure(name: 'example')

class HelloWorld
  def call(env)
    [200, {"Content-Type" => "text/html"}, ["Hello World!\n"]]
  end
end

use XRay::Rack::Middleware
run HelloWorld.new

The following commands trigger a trace to be sent to localhost on UDP port 2000 (the X-Ray default).

$ curl --header "X-Forwarded-For: 1.2.3.4" localhost:9292

Results in client_ip set to 4.

$ curl --header "X-Forwarded-For: 1.2.3.4, 5.6.7.8" localhost:9292

Results in client_ip set to 8.

Payload sent to X-Ray daemon

{"name":"example","id":"0c01ca44eb76e204","start_time":1519090666.569221,"end_time":1519090666.56938,"http":{"request":{"url":"http://localhost:9292/","user_agent":"curl/7.54.0","method":"GET","client_ip":"8","x_forwarded_for":true},"response":{"status":200,"content_length":82}},"trace_id":"1-5a8b7bea-6ad09f5d5612bb63e07fadb3"}

$ curl --header "X-Forwarded-For: abcdef" localhost:9292

Results in client_ip set to f.

[haotianw465]

The rack middleware tries to extract the last IP address from X-Forwarded-For if the value is a list of IP addresses. But the actual logic treat the input as a array instead of a string. https://github.com/aws/aws-xray-sdk-ruby/blob/master/lib/aws-xray-sdk/facets/rack.rb#L79

Will fix this soon.

[haotianw465]

This has been addressed in 0.10.1 release.