Index: src/ZPublisher/HTTPRequest.py
===================================================================
--- src/ZPublisher/HTTPRequest.py	(Revision 122871)
+++ src/ZPublisher/HTTPRequest.py	(Arbeitskopie)
@@ -343,20 +343,28 @@
 
         if 'REMOTE_ADDR' in environ:
             self._client_addr = environ['REMOTE_ADDR']
-            if ('HTTP_X_FORWARDED_FOR' in environ and
-                self._client_addr in trusted_proxies):
-                # REMOTE_ADDR is one of our trusted local proxies.
-                # Not really very remote at all.  The proxy can tell us the
-                # IP of the real remote client in the forwarded-for header
-                # Skip the proxy-address itself though
-                forwarded_for = [
-                    e.strip()
-                    for e in environ['HTTP_X_FORWARDED_FOR'].split(',')]
-                forwarded_for.reverse()
-                for entry in forwarded_for:
-                    if entry not in trusted_proxies:
-                        self._client_addr = entry
-                        break
+            if 'HTTP_X_FORWARDED_FOR' in environ:
+                if self._client_addr in trusted_proxies:
+                    # REMOTE_ADDR is one of our trusted local proxies.
+                    # Not really very remote at all.  The proxy can tell us the
+                    # IP of the real remote client in the forwarded-for header
+                    # Skip the proxy-address itself though
+                    forwarded_for = [
+                        e.strip()
+                        for e in environ['HTTP_X_FORWARDED_FOR'].split(',')]
+                    forwarded_for.reverse()
+                    for entry in forwarded_for:
+                        if entry not in trusted_proxies:
+                            self._client_addr = entry
+                            break
+                elif trusted_proxies:
+                    # REMOTE_ADDR sends a HTTP_X_FORWARDED_FOR but is not a member
+                    # of trusted local proxies. This could be a security problem 
+                    # due to a misconfiguration. 
+                    raise ValueError(
+                       'client %s sends a HTTP_X_FORWARDED_FOR header but is not a member of trusted local proxies %s' %
+                        (self._client_addr,trusted_proxies))
+                        
         else:
             self._client_addr = ''
 
Index: src/ZPublisher/tests/testHTTPRequest.py
===================================================================
--- src/ZPublisher/tests/testHTTPRequest.py	(Revision 122871)
+++ src/ZPublisher/tests/testHTTPRequest.py	(Arbeitskopie)
@@ -948,6 +948,18 @@
         finally:
             trusted_proxies[:] = orig
 
+    def test_trusted_proxy_errorhandling(self):
+        from ZPublisher.HTTPRequest import trusted_proxies
+        env = {'REMOTE_ADDR': '10.1.20.10',
+               'HTTP_X_FORWARDED_FOR': '10.1.20.30, 192.168.1.100' }
+
+        orig = trusted_proxies[:]
+        try:
+            trusted_proxies.append('127.0.0.1')
+            self.assertRaises(ValueError,self._makeOne,environ=env)
+        finally:
+            trusted_proxies[:] = orig
+
     def test_getHeader_exact(self):
         request = self._makeOne(environ=TEST_ENVIRON.copy())
         self.assertEqual(request.getHeader('content-type'),