Hi,
Just to add to the conversation - this is standard practice in Azure Application Gateways, and it’s infuriating. They add the port to the forwarded-for header even though they also send it in the forwarded port header.
Two feedback/change requests on Microsoft which you can vote for;
- Azure Application Gateway x-forwarded-for remove port information – Customer Feedback for Microsoft Azure
- Support for dropping port out of x-forwarded-for header – Customer Feedback for Microsoft Azure
Our “fix” is also the same as the above step, we’re manually setting the forwarded-for header to a generic ip as this caused lots of issues with users being logged out or the site not working properly.
Just out of interest, we are using a httpd redirect within the network, does anyone know if it is possible to rewrite the header and remove the port? Failing that can it be done in nginx (I am unfamiliar with nginx)?
I would look at submitting a PR if we get this fixed but the comments above seem to suggest the devs would prefer this fixing upstream - is that the case?