buchgr · rolandjitsu · Jan 15, 2026 · mostynb · Jan 16, 2026 · rolandjitsu
diff --git a/server/http.go b/server/http.go
@@ -200,12 +200,18 @@ func (h *httpCache) handleGetValidAC(w http.ResponseWriter, r *http.Request, has
 
 // Helper function for logging responses
 func (h *httpCache) logResponse(code int, r *http.Request) {
+	remoteAddr := r.RemoteAddr
+	if xff := r.Header.Get("X-Forwarded-For"); xff != "" {
+		// XFF format: client, proxy1, proxy2
+		parts := strings.Split(xff, ",")
+		remoteAddr = strings.TrimSpace(parts[0])
+	}
 	// Parse the client ip:port
 	var clientAddress string
 	var err error
-	clientAddress, _, err = net.SplitHostPort(r.RemoteAddr)
+	clientAddress, _, err = net.SplitHostPort(remoteAddr)
 	if err != nil {
-		clientAddress = r.RemoteAddr
+		clientAddress = remoteAddr
 	}
 	h.accessLogger.Printf("%4s %d %15s %s", r.Method, code, clientAddress, r.URL.Path)
 }

diff --git a/server/http_test.go b/server/http_test.go
@@ -8,17 +8,19 @@ import (
 	"encoding/json"
 	"fmt"
 	"io"
+	"log"
 	"math"
 	"net/http"
 	"net/http/httptest"
 	"net/url"
 	"os"
+	"strings"
 	"sync"
 	"testing"
 
 	"github.com/buchgr/bazel-remote/v2/cache"
 	"github.com/buchgr/bazel-remote/v2/cache/disk"
-	"github.com/buchgr/bazel-remote/v2/utils"
+	testutils "github.com/buchgr/bazel-remote/v2/utils"
 
 	pb "github.com/buchgr/bazel-remote/v2/genproto/build/bazel/remote/execution/v2"
 	"google.golang.org/protobuf/proto"
@@ -564,3 +566,35 @@ func TestManglingACKeys(t *testing.T) {
 		t.Errorf("Wrong status code, expected %d, got %d", http.StatusNotFound, statusCode)
 	}
 }
+
+func TestResponseLog(t *testing.T) {
+	cacheDir := testutils.TempDir(t)
+	defer func() { _ = os.RemoveAll(cacheDir) }()
+
+	blobSize := int64(1024)
+
+	data, hash := testutils.RandomDataAndHash(blobSize)
+
+	// Add some overhead for likely CAS blob storage expansion.
+	cacheSize := blobSize*2 + disk.BlockSize
+
+	c, err := disk.New(cacheDir, cacheSize, disk.WithAccessLogger(testutils.NewSilentLogger()))
+	if err != nil {
+		t.Fatal(err)
+	}
+	var w bytes.Buffer
+	logger := log.New(&w, "bz-remote", 0)
+	h := NewHTTPCache(c, logger, testutils.NewSilentLogger(), true, false, false, false, "", "", math.MaxInt64)
+
+	rr := httptest.NewRecorder()
+	handler := http.HandlerFunc(h.CacheHandler)
+
+	pr := httptest.NewRequest("PUT", "/cas/"+hash, bytes.NewReader(data))
+	pr.Header.Add("X-Forwarded-For", "10.11.12.13")
+	handler.ServeHTTP(rr, pr)
+
+	logLine := w.String()
+	if !strings.Contains(logLine, "10.11.12.13") {
+		t.Errorf("expected logged IP to use X-Forwarded-For header but saw `%s`", logLine)
+	}
+}