On Aug 3, 2007, at 7:03 AM, Torsten Foertsch wrote:
> This idea won't work in general. First, not all proxies set an
> X-Forwarded-For header. Second, many proxies sit in front of private
> networks 10.0.0.0/8 or 172.16.0.0/16 or 192.168.0.0/16 or 127.0.0.0/8.
> If they set the header you get different clients with the same
> IP-address. Also, be aware that a request can travel through multiple
> proxies. Thus, you can get multiple X-Forwarded-For headers.

I'll go a step further, and say that this is a particularly bad idea (for essentially the same reasons above).

The only proxy server headers you should care about or trust are those that are from your own LAN.

Your firewall/gateway/whatever should ideally strip the X-Forwarded-For, or rename it to something else. XFF should be your internal LAN marking. It's trivial for people to spoof headers; it's trivial for poorly designed networks to just insert inane headers as well.

It's not a matter of whether it's feasible to access that information - it's just that the information is worthless and not trustable simply by the design of the protocol and current global implementations.

In almost any case, using these will lead to issues in your system.

That said, for header manipulation, you can reference these modules:
MP1 http://search.cpan.org/dist/Apache-ForwardedFor/
MP2 http://search.cpan.org/dist/Apache2-xForwardedFor

Note they both operate as a handler and override the info in $r; you ESPECIALLY DO NOT want to do that in your case.

// Jonathan Vanasco
Founder/President - FindMeOn
Founder/CEO - RoadSound
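
The rule from the reply above (trust proxy headers only when they come from your own LAN), as an added example that is not part of the original message and is not code from either CPAN module. It is written in Python rather than mod_perl; the trusted network list, the function names and all sample addresses are constructed assumptions.

```python
import ipaddress

# Assumption: networks where your own reverse proxies live (constructed values).
TRUSTED_PROXIES = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "127.0.0.0/8")]


def is_trusted(addr):
    """True if addr belongs to one of our own proxy networks."""
    return any(addr in net for net in TRUSTED_PROXIES)


def client_ip(peer_ip, xff_values):
    """Pick the address to attribute a request to.

    peer_ip    -- TCP peer address of the connection (cannot be set by a header)
    xff_values -- every X-Forwarded-For header value, in the order received
    """
    peer = ipaddress.ip_address(peer_ip)
    if not is_trusted(peer):
        # Not from our LAN: whatever X-Forwarded-For says is attacker-controlled.
        return str(peer)

    # A request can carry several headers, each a comma-separated list.
    hops = [h.strip() for v in xff_values for h in v.split(",") if h.strip()]

    # Walk right to left. The rightmost entry was appended by our own proxy;
    # keep going only while the entry is itself one of our proxies.
    current = peer
    for hop in reversed(hops):
        try:
            addr = ipaddress.ip_address(hop)
        except ValueError:
            break  # "unknown" or garbage: stop at the last verified hop
        current = addr
        if not is_trusted(addr):
            break  # first address outside our LAN; entries further left are unverifiable
    return str(current)


if __name__ == "__main__":
    # Client sent a forged "1.2.3.4"; our proxy at 10.0.0.5 appended the real peer.
    print(client_ip("10.0.0.5", ["1.2.3.4, 198.51.100.7"]))
```

Entries to the left of the first untrusted address are never used, so a forged header can at most be ignored, not believed.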