lör 2008-04-12 klockan 01:58 +0800 skrev howard chen: > Is it safe that is must be the remote IP (x.x.x.x) of the user, no > cheating is available (e.g. user might set the X-Forward header by > themself)?
Squid adds to the already existing header if any, so X-Forwarded-For may contain a list of addresses. The last address in the list is the address your Squid received the request from. The first (if more than one) is supposedly the client IP if behind another Squid proxy, but may be cheated in the way you describe so you should only read the list as far as you trust the found members.
