Jump to content

Recommended Posts

Posted
How to identify a user who sits across PROXY?
 

Common non-standard request headers:

...

 

X-Forwarded-For a de facto standard for identifying the originating IP address of a client connecting to a web server through an HTTP proxy or load balancer

 

X-Forwarded-For: client1, proxy1, proxy2

X-Forwarded-For: 129.78.138.66, 129.78.64.103

 

http://en.wikipedia.org/wiki/List_of_HTTP_header_fields

 

 

But, it does not work ...: 
UniSession.RequestHeader ['HTTP_X_FORWARDED_FOR'];

 

Who can help?

 

Thank you.
Posted
It's entirely up to the proxy as to whether or not it will send the http_x_forwarded_for header. Some will and some won't. Whichever proxy you were using when you printed the $_SERVER variable, hasn't send the header.

 

Even if all proxies did send the header, you would still have a problem because anyone can spoof the http_x_forwarded_for header and so if your script treats that as the real IP, then someone could spoof it to circumvent your IP check.

 

The best you can do if use $_SERVER['REMOTE_ADDR'] and forget about relying on http_x_forwarded_for. Yes users of proxies will be able to visit your site under a new IP, but this is better than the ability for all users to spoof the IP in http_x_forwarded_for.

 

As an aid you could maintain a list of known proxies but again this won't ultimately give you the real client IP, it could only tell you if the IP is in your proxy list.
  • Upvote 1

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...