Stack Overflow
Stack Overflow

Questions tagged [x-forwarded-for]

Use for questions regarding X-Forwarded-For, a HTTP header used by HTTP proxies to send the originating request's IP address.

The X-Forwarded-For (XFF) header is a de-facto standard header for identifying the originating IP address of a client connecting to a web server through an HTTP proxy or a load balancer.

This header is used for debugging, statistics, and generating location-dependent content and by design it exposes privacy sensitive information, such as the IP address of the client. Therefore the user's privacy must be kept in mind when deploying this header.

A standardized version of this header is the HTTP Forwarded header.

X-Forwarded-For is also an email-header indicating that an email-message was forwarded from another account.

Resource:

MDN web docs

76 questions
0
votes
0 answers

how to set squid proxy server to get client real ip address

My clients http requests go through Squid proxy server to connect to backend apache web server. A php script in the backend webserver gets clients' real ip address as below: if (!empty($_SERVER['HTTP_CLIENT_IP'])) { …
Steven Lu
  • 1
  • 1
0
votes
1 answer

Apache httpd (mod_proxy) seems to drop/ignore 3rd IP address in X-Forwarded-For chain?

Consider the scenario/flow: remote user (client) > proxy1 > proxy2 > AWS ALB > httpd/reverse_proxy > my_application As user's request traverses out of their network, the X-Forwarded-For (XFF) header is appended with IP address of each successive…
qwolf0
  • 1
  • 3
0
votes
0 answers

Nginx deny ip not working when I use ddos denfence server as frontend

I want add block IP address into nginx configure.But it still can be accessed using curl ! ... log_format main '$remote_addr - $remote_user [$time_local] "$request" ' '$status $body_bytes_sent $request_time "$http_referer" ' …
user9407425
  • 11
  • 3
0
votes
1 answer

Difference Between x-forwarded-for and client_ip in HTTP Log Files?

For obtaining originating Client IP address,X-forwarded-for is usually used.But in http log file,I saw something like this example: client_ip=1.1.1.1 x-forwarded-for=2.2.2.2 is there any difference between these two IP's?
Mohammad FA
  • 41
  • 3
0
votes
1 answer

nginx get origin client ip from x-forwarded for using map module

Ip have request flows through 3 nginx proxy, and ip got the x-forwarded-for list ip of : 192.168.10.222, 192.168.10.178, 192.168.10.179 how can I get the first ip using map module ? I've found this but can't make it working: map…
NOZUONOHIGH
  • 1,084
  • 15
  • 17
0
votes
1 answer

X-Forwarded-For not working in apache web server

Good day, The following is the architect diagram of my web project. Internet --> F5 Load balancer --> Apache web server --> web application I am trying to make the Apache web server receive the user ip from internet from the load balancer. However,…
Panadol Chong
  • 1,389
  • 8
  • 40
  • 80
0
votes
1 answer

How to read Client-IP with x-forward-for instead of LB IP on http requests in Apache config

I need for a RewriteCond syntax inside the httpd conf the real IP instead of the Proxy / Loabalancer IP. My use case is a maintenance page, that should be displayed to all users except some users from my exception list, defined by IP adresses…
AlexdD1979
  • 13
  • 3
0
votes
1 answer

How to identify https clients through proxy connection

We have developed a corporate NodeJS application served through http/2 protocol and we need to identify clients by their IP address because the server need to send events to clients based on their IP (basically some data about phone calls). I can…
bitifet
  • 3,083
  • 13
  • 30
0
votes
1 answer

No more inetpub logs created after W3SVC99

I am currently migrating sites to Windows Server 2016. Running IIS 10.0.14393.0. All sites in application pools above the ID of 99 do not have a folder inside C:\inetpub\logs\LogFiles. These sites are running as usual, but the traffic is not…
TaintedLemon
  • 588
  • 6
  • 16
0
votes
0 answers

Why "X-Forwarded-For" and "Via" headers missing when resource is requested by https?

I am building an Asp.Net Core web application. I have created a resource that returns request headers as json. I assume, that when I request this resource through transparent proxy server (from list…
Олег Рубин
  • 27
  • 2
0
votes
1 answer

Block IP’s at NGINX level with multiple domains on AWS ALB

I have an AWS ALB and it is attached to multiple domain names. The ALB forwards the traffic to a EC2 machine with NGINX, here NGINX also has multiple domains associated with it. I want to allow access to one of my domains from specific IP’s only.…
Lijo Abraham
  • 134
  • 12
0
votes
1 answer

How to add the client ip in request header in fiddler

I am using fiddler as a reverse proxy, I want to forward the client ip in the request header so that the server can get it like this: oSession.oRequest["X-Forwarded-For"]=; But I don't know the variable name that I should set, can anyone help me…
zhengyu
  • 525
  • 3
  • 5
  • 18
0
votes
4 answers

I am using CloudFlare. How do I block access to my site admin to all but my IP address using .htaccess

My application runs on an ubuntu server which sits behind cloudflare. I want to redirect requests for example.com/admin to show 404 if the visitor is not coming from my IP 123.1.2.3 I tried this I also tried using RewriteCond…
Jez D
  • 1,391
  • 1
  • 23
  • 48
0
votes
1 answer

Block traffic based on x-forwarded-for with Checkpoint IPS

Say http/https requests are coming from a client behind an AWS elastic load balancer, and so Checkpoint sees the IP address of the load balancer as the source of the request. Is it possible to use the x-forwarded-for header in a request to configure…
amparito
  • 133
  • 3
  • 10
0
votes
0 answers

x-forwaded-for add to http request header

My web application does not return "x-forwarded-for" header in the HTTP request. I need to this header to identify client IP as the application otherwise returns load balancer/proxy IP using getRemoteAddr().
Palak
  • 23
  • 1
  • 1
  • 7
1 2 3
4
5 6