Jump to content

How to identify a user who sits across PROXY?


Recommended Posts

How to identify a user who sits across PROXY?

Common non-standard request headers:



X-Forwarded-For a de facto standard for identifying the originating IP address of a client connecting to a web server through an HTTP proxy or load balancer


X-Forwarded-For: client1, proxy1, proxy2






But, it does not work ...: 
UniSession.RequestHeader ['HTTP_X_FORWARDED_FOR'];


Who can help?


Thank you.
Link to comment
Share on other sites

It's entirely up to the proxy as to whether or not it will send the http_x_forwarded_for header. Some will and some won't. Whichever proxy you were using when you printed the $_SERVER variable, hasn't send the header.


Even if all proxies did send the header, you would still have a problem because anyone can spoof the http_x_forwarded_for header and so if your script treats that as the real IP, then someone could spoof it to circumvent your IP check.


The best you can do if use $_SERVER['REMOTE_ADDR'] and forget about relying on http_x_forwarded_for. Yes users of proxies will be able to visit your site under a new IP, but this is better than the ability for all users to spoof the IP in http_x_forwarded_for.


As an aid you could maintain a list of known proxies but again this won't ultimately give you the real client IP, it could only tell you if the IP is in your proxy list.
  • Upvote 1
Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.


  • Create New...