allows people to set the X-Forwarded-For header key and disable it by

setting an empty string. close #268 . Thanks for the feedback!

gunicorn/config.py

@@ -582,6 +582,16 @@ class SecureSchemeHeader(Setting):
         It is important that your front-end proxy configuration ensures that
         the headers defined here can not be passed directly from the client.
         """
+class XForwardedFor(Setting):
+    name = "x_forwarded_for_header"
+    section = "Server Mechanics"
+    meta = "STRING"
+    validator = validate_string
+    default = 'X-FORWARDED-FOR'
+    desc = """\
+        Set the X-Forwarded-For header that identify the originating IP
+        address of the client connection to gunicorn via a proxy.
+        """
 
 class AccessLog(Setting):
     name = "accesslog"

gunicorn/http/wsgi.py

@@ -68,14 +68,15 @@ def create(req, sock, client, server, cfg):
     url_scheme = "http"
     script_name = os.environ.get("SCRIPT_NAME", "")
 
-    secure_headers = getattr(cfg, "secure_scheme_headers")
+    secure_headers = cfg.secure_scheme_headers
+    x_forwarded_for_header = cfg.x_forwarded_for_header
 
     for hdr_name, hdr_value in req.headers:
         if hdr_name == "EXPECT":
             # handle expect
             if hdr_value.lower() == "100-continue":
                 sock.send("HTTP/1.1 100 Continue\r\n\r\n")
-        elif hdr_name == "X-FORWARDED-FOR":
+        elif hdr_name == x_forwarded_for_header:
             forward = hdr_value
         elif (hdr_name.upper() in secure_headers and
               hdr_value == secure_headers[hdr_name.upper()]):