The surprising complexity of interpreting X-Forwarded-For safely

I've seen a lot of uncertainty and misunderstandings about how to handle IP addresses correctly when developing and operating a web service:

  • What's my user's IP address?
  • How do I use the X-Forwarded-For header?
  • What's the difference between that and X-Real-IP or other HTTP headers?

This post explains the need for X-Forwarded-For (hereafter, "XFF"), provides a mental model for working with it, and then gives guidance on how to handle different situations.

I'll first cover why it exists, how to think about it, how to use it, and finally some alternative approaches that may be more appropriate.

(See the end for a summary.)

Repairing a difficult hole in a compost tumbler

A few years ago an upstairs neighbor built this compost bin out of a food shipping barrel. It works fairly well. Rats chewed a hole in the door, which I repaired by bolting on some aluminum sheets. But then this autumn, rats struck again, this time chewing a hole in one of the most obnoxious possible places: Just below the axle.

Photo of compost tumbler, a plastic barrel on its side
       with a metal pole stuck through the axis; the pole is resting
       on crossbars, keeping the barrel off the ground. The pole goes
       through a hole in the center of the plastic lid, but there's a
       6 cm tall expansion gnawed into the plastic, running

Mechanically, this wasn't awful. I could still turn the tumbler, and halfway through the rotation it would drop a few centimeters, then drop again when turned all the way around. The plastic is astonishingly sturdy, and hasn't buckled much at all over the several years it has been sitting under load. No, the real problem is that now the rats can get in. I don't have anything against rats, per se, but there are a lot of good reasons to keep them out. (Additional future damage; rats bringing plastic bags in as nesting material; city fining us; available food leading to more rats; etc.) So the hole had to go.

Conversation splitting in chat servers

One thing that frequently happens on IRC, Slack, Discord and other group chat systems is that a conversation will be happening in a channel and someone else will want to start a separate conversation. That separate conversation can easily get drowned out, or drown out the other one. There are various existing cultural and technical solutions to this.

A review of the Powder House roundabout redesign (from a cyclist's perspective)

My city recently redesigned a nearby intersection for higher safety and efficiency. It looked good on paper, but in practice the bike lanes turned out to present some difficulties. I ran through it a few times to get a better understanding of it; this post presents video of the runs, some analysis and observations, and finally a suggestion for how to improve it.

Why carry a knife?

Every since I was a young teen I've been in the habit of carrying a knife on my belt, specifically a "Swiss Army knife"-style multitool. This started when I was gifted a knife a family friend had had when he was in the Boy Scouts. It turns out to be hugely useful to have a knife on hand, since it's effectively several tools in one (even before you get to the rest of the multitool—bottle opener, scissors, screwdrivers, etc.)

Every once in a while, though, I encounter someone who is put out by the idea of carrying a knife, sometimes even nervous or alarmed by the idea of it. Out of the context of the kitchen or workshop, they seem to picture all knives as weapons, not tools. (I suspect these are mostly people who grew up in a suburban environment, never far from the tools they can retrieve from the kitchen or garage.) There's a cultural component here for sure, where people who grow up in rural areas are used to carrying a knife for use on the farm, in the woods, etc. But I've also come to understand that if someone has never carried one, they just have no idea how damned useful they are.

So, in this post I describe how I end up using mine, which may help people understand what the appeal is.

