On Aug 3, 2007, at 7:03 AM, Torsten Foertsch wrote:
This idea won't work in general. First, not all proxies set an X-Forwarded-For header. Second, many proxies sit in front of private networks 10.0.0.0/8 or 172.16.0.0/16 or 192.168.0.0/16 or 127.0.0.0/8. If they set the header you get different clients with the same IP-address. Also, be aware that a request can travel through multiple proxies. Thus, you can get multiple X-Forwarded-For headers.
I'll go a step further, and say that this is a particularly bad idea (for essentially the same reasons above).
The only proxy server headers you should care about or trust are those that are from your own LAN.
Your firewall/gateway/whatever should ideally strip the x-forwarded-for, or rename it to something else. xff should be your internal lan marking. It's trivial for people to spoof headers, it's trivial for poorly designed networks to just insert inane headers as well.
It's not a matter of whether it's feasible to access that information - it's just that the information is worthless and not trustable simply by the design of the protocol and current global implementations.
In almost any case, using these will lead to issues in your system. That said, for header manipulation, you can reference these modules:

MP1 http://search.cpan.org/dist/Apache-ForwardedFor/
MP2 http://search.cpan.org/dist/Apache2-xForwardedFor

Note they both operate as a handler and override the info in $r; you ESPECIALLY DO NOT want to do that in your case.
// Jonathan Vanasco
Founder/President - FindMeOn
Founder/CEO - RoadSound
FindMeOn.com - The cure for Multiple Web Personality Disorder | Web Identity Management and 3D Social Networking
RoadSound.com - Tools For Bands, Stuff For Fans | Collaborative Online Management And Syndication Tools
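An added example, not part of the original message and not code from either CPAN module: a Python function that applies the rule from the thread, honouring X-Forwarded-For entries only when they were appended by a proxy on your own LAN, and coping with multiple headers and spoofed or private-range entries. The names `TRUSTED_PROXIES`, `is_trusted` and `client_ip`, the network list and all addresses are assumptions constructed for illustration.

```python
import ipaddress

# Assumption: the networks where our own reverse proxies / load balancers live.
TRUSTED_PROXIES = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "127.0.0.0/8")]


def is_trusted(addr):
    """True only for a syntactically valid address inside our own proxy networks."""
    try:
        ip = ipaddress.ip_address(addr.strip())
    except ValueError:
        return False
    return any(ip in net for net in TRUSTED_PROXIES)


def client_ip(peer_addr, xff_headers):
    """Return the address a request should be attributed to.

    peer_addr   -- address of the TCP peer (the only value that cannot be spoofed)
    xff_headers -- raw X-Forwarded-For header values, in the order received
    """
    # A peer outside our LAN controls every header it sends: ignore XFF entirely.
    if not is_trusted(peer_addr):
        return peer_addr

    # Several XFF headers are equivalent to one comma-separated list.
    hops = [h.strip() for value in xff_headers for h in value.split(",") if h.strip()]

    # Walk right to left. Each entry was appended by the hop to its right, so an
    # entry is believable only while that appending hop is one of our proxies.
    current = peer_addr
    for hop in reversed(hops):
        if not is_trusted(current):
            break  # reached the first hop we do not run; everything further left is untrusted
        try:
            ipaddress.ip_address(hop)
        except ValueError:
            break  # "unknown", hostnames or garbage: stop at the last verified hop
        current = hop
    return current
```

Entries to the left of the first untrusted hop, including private-range addresses reported by someone else's proxy, are never returned, which is why they cannot be used to impersonate an internal client.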