Sherzod Posted January 13, 2014 Posted January 13, 2014 How to identify a user who sits across PROXY? Common non-standard request headers: ... X-Forwarded-For a de facto standard for identifying the originating IP address of a client connecting to a web server through an HTTP proxy or load balancer X-Forwarded-For: client1, proxy1, proxy2 X-Forwarded-For: 129.78.138.66, 129.78.64.103 http://en.wikipedia.org/wiki/List_of_HTTP_header_fields But, it does not work ...: UniSession.RequestHeader ['HTTP_X_FORWARDED_FOR']; Who can help? Thank you. Quote
Sherzod Posted January 17, 2014 Author Posted January 17, 2014 It's entirely up to the proxy as to whether or not it will send the http_x_forwarded_for header. Some will and some won't. Whichever proxy you were using when you printed the $_SERVER variable, hasn't send the header. Even if all proxies did send the header, you would still have a problem because anyone can spoof the http_x_forwarded_for header and so if your script treats that as the real IP, then someone could spoof it to circumvent your IP check. The best you can do if use $_SERVER['REMOTE_ADDR'] and forget about relying on http_x_forwarded_for. Yes users of proxies will be able to visit your site under a new IP, but this is better than the ability for all users to spoof the IP in http_x_forwarded_for. As an aid you could maintain a list of known proxies but again this won't ultimately give you the real client IP, it could only tell you if the IP is in your proxy list. 1 Quote
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.