I have been looking for a way to find the IP Address of the client and I've found both of these HTTP Headers. From what I've found they are the same thing, but HTTP_X_FORWARDED_FOR seems more widely used. Do any of you know what the difference is and if I am going to have to check both of these? Thanks.
+2
A:
X-Forwarded-For header is not part of RFC, hence different implementation by proxy servers.
You should not rely on that value since it can be spoofed or simply not sent by proxy.
If it is important and you can afford to do it you should force requests through HTTPS and look up REMOTE_ADDR.
BojanG
2010-06-30 16:16:53
The problem with Remote_Addr is that if the user goes through a proxy, this will turn the proxy address, not the client address.
Barlow Tucker
2010-06-30 16:34:16
True for HTTP.But if you use HTTPS your REMOTE_ADDR will hold the actual client address even if it is routed through a proxy.
BojanG
2010-06-30 17:27:52
Prefect! Thanks.
Barlow Tucker
2010-07-01 04:15:44
A:
@BojanG Really useful point. I understand why this would be necessary and occur as a result of forming a HTTPS connection, but do you have any links to supporting information on this?
coderchris
2010-09-29 12:02:00