[KLUG Members] Getting X-Forwarded-For

[Bruce Smith]

I'm sure this works because I was recently surfing some site through
squid, and it had one of those little things on the web page that tells
you what IP you're coming from, what browser you're using, etc.  And it
listed the IP of the proxy server AND the real IP of my workstation.
I remember wondering at the time how it knew my workstation's IP.
Unfortunately I can't remember what site this was.  :-(

Did you try a phpinfo() and doing a browser-search for the info?

And you're not by chance bypassing the proxy on a local web server?  :-)

 - BS


> When an HTTP client traverses a proxy the proxy is supposed to add the
> X-Forwarded-For (I have "forwarded_for on" in my squid.conf).  So in PHP
> code I want to grab the value of this header,  but for the life of me I
> can't find the thing.
> 
> $headers = apache_request_headers();
> if (array_key_exists('X-Forwarded-For', $headers)) {
>   printf("Ah ha!  You crazy cat, you\'re using a proxy server!\n");
>   printf("Your host\'s IP address is %s\n",
> $headers["X-Forwarded-For"]);
>  } else {
>      printf("Oh, my!  Aren't we a slacker,  not bothering to use a proxy
> server.\n");
>      printf("Your host's IP address is: %s\n", $_SERVER['REMOTE_ADDR']);
>     }
> 
> <aside>Googling on this pretty much just finds a bunch of twits who want
> to appear smart so they are going on and on about how you can't trust
> HTTP headers and not to use them for authentication, blah, blah, blah
> (pretty much all copy-n-pasting something they read somewhere);
> sometimes Google is very frustrating.</aside>
> 
> The above code always says a proxy is not in use although it merrily
> returns the IP address of the proxy.  Anyone know if this is a squid
> thing, and apache thing, or a PHP thing?