WikiProject Internet (Rated C-class, High-importance)
This article is prone to spam. Please monitor the external links section.
It would be nice to list the various permutations and the vendors that use them. I've got some code I've been using some variety of for about 10 years that collects eight headers beyond the remote IP:
Via, which just names the proxy server platform
- According to HAProxy, Zeus Web Servers require X-Cluster-Client-IP.
- 188.8.131.52 (talk) 14:18, 2 October 2009 (UTC)
The "Format" section of this article currently says the following:
- The general format of the header is:
- X-Forwarded-For: client1, proxy1, proxy2
- where the value is a comma+space separated list of IP addresses, the left-most being the farthest downstream client, and each successive proxy that passed the request adding the IP address where it received the request from. In this example, the request passed proxy1, proxy2, and proxy3 (proxy3 appears as the client).
But there is no "proxy3" in the example. The numbering implies that the example should read:
- X-Forwarded-For: client1, proxy1, proxy2, proxy3
but then the text would seem to be saying that XFF would report the client IP at both the front and back of the chain, which makes no sense. Is this supposed to be saying "proxy3 being the IP that appears to be the client" to some component in this situation, like the end-user application or some network report? If so, the prose should say this, and the example should include the "proxy3". As it is, it makes no sense to someone not versed in XFF, who is the intended audience of the article. (Why would someone who knows XFF need the information?) I'd fix this myself, but I don't know whether this is a technical error or actual confusion of the editors. ~ Jeff Q (talk) 01:06, 25 October 2007 (UTC)
Jeffq: You are right. I had to read this page to interpret what was being said. Re-wording would probably be nice. —Preceding unsigned comment added by 184.108.40.206 (talk) 06:20, 23 December 2007 (UTC)
Why provide it?
The article doesn't seem to say why proxies would want to add this header on to the request. I think one reason is that, since servers often block abusive users by IP address, by providing an accurate X-Forwarded-For header the proxy administrator can reduce the chance that legitimate users on the same proxy are blocked along with the abusive proxy users. --Thenickdude (talk) 06:01, 8 September 2009 (UTC)
- For proxy administrators, it's important to allow sites to accurately report abuse. When abusers use a proxy, this header allows them to be identified accurately by the remote site (with the help of the proxy administrator). Since anyone can set this header on their HTTP requests it should never be assumed to be accurate unless you can trust the proxy (often the case when the proxy is a local load-balancer or reverse-proxy).
- This header is also widely used with load-balancers and reverse proxies to allow passing the remote user's IP address to the web servers behind them for geo-targeting or blocking abusers by their IP address.
- 220.127.116.11 (talk) 14:28, 2 October 2009 (UTC)
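
An added example (not from the article or from any editor in this discussion) of the point made above that the header is only as reliable as the proxies that wrote it: start from the TCP peer, read the list right to left, and stop at the first hop that is not one of your own proxies. The `TRUSTED_PROXIES` networks, the function names and the sample addresses are constructed assumptions.

```python
import ipaddress

# Constructed example: networks of the proxies we operate ourselves (assumption).
TRUSTED_PROXIES = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "192.0.2.10/32")]


def _trusted(addr):
    """True if addr belongs to one of our own proxy networks."""
    return any(addr in net for net in TRUSTED_PROXIES)


def parse_ip(text):
    """Return an ip_address object, or None if text is not a bare IP literal."""
    try:
        return ipaddress.ip_address(text.strip())
    except ValueError:
        return None


def client_ip(peer, xff_header):
    """Pick the address to log or block for one request.

    peer       -- address of the TCP connection (the sender cannot choose it)
    xff_header -- raw X-Forwarded-For value, or None if the header is absent
    """
    current = parse_ip(peer)
    if current is None:
        raise ValueError("peer address must be an IP literal")
    # Read right to left: each entry was appended by the hop to its right.
    for entry in reversed((xff_header or "").split(",")):
        if not _trusted(current):
            break  # remaining entries came from a hop we do not control
        candidate = parse_ip(entry)
        if candidate is None:
            break  # "unknown", hostnames, empty or junk tokens end the walk
        current = candidate
    return str(current)
```

A request that arrives directly from an untrusted peer keeps the peer address whatever the header says, and a forged left-most entry is never reached because the walk stops at the first address outside the trusted networks.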
Advertisement in article
In the Proxy servers and caching engines section, there is an advertisement for a specific product for IIS to log IPs from X-Forwarded-For headers. There are other alternatives and there is no reason this specific product be listed here. I will remove it.
For example there is this one which is community-supported and free: http://devcentral.f5.com/downloads/codeshare/F5XForwardedFor.zip
HTTP_X_FORWARDED_FOR seems to be a common incarnation of this, but I can't seem to find any origins. It would be interesting to see which proxies use this over "X-FORWARDED-FOR" as documented in this article. --Hm2k (talk) 08:17, 26 April 2011 (UTC)