[KLUG Members] Getting X-Forwarded-For

bill bill at billtron.com
Fri Jan 6 10:25:01 EST 2006


On Fri, 2006-01-06 at 10:01, Adam Tauno Williams wrote:
> When an HTTP client traverses a proxy the proxy is supposed to add the
> X-Forwarded-For (I have "forwarded_for on" in my squid.conf).  So in PHP
> code I want to grab the value of this header,  but for the life of me I
> can't find the thing.
> 
> $headers = apache_request_headers();
> if (array_key_exists('X-Forwarded-For', $headers)) {

	// not sure this is right, have you tried 'HTTP_X_FORWARDED_FOR' 

>   printf("Ah ha!  You crazy cat, you're using a proxy server!\n");
>   printf("Your host's IP address is %s\n", $headers["X-Forwarded-For"]);
> } else {
>   printf("Oh, my!  Aren't we a slacker,  not bothering to use a proxy server.\n");
>   printf("Your host's IP address is: %s\n", $_SERVER['REMOTE_ADDR']);
> }
> 
> <aside>Googling on this pretty much just finds a bunch of twits who want
> to appear smart so they are going on and on about how you can't trust
> HTTP headers and not to use them for authentication, blah, blah, blah
> (pretty much all copy-n-pasting something they read somewhere);
> sometimes Google is very frustrating.</aside>
> 
> The above code always says a proxy is not in use although it merrily
> returns the IP address of the proxy.  Anyone know if this is a squid
> thing, an apache thing, or a PHP thing?

Well, if the key name isn't right but it is using a proxy it will fail
the first test, then print the IP of the REMOTE_ADDR variable, which is
the proxy IP.

Try phpinfo() to see what all is available. That way you can copy and
paste the key(s) into your condition statement.

Any header can be added programmatically (spoofed), and I think the
forwarded-for header can occur more than once (going through more than
one proxy).

kind regards,

bill
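
The two points raised in the reply (the header can be spoofed, and it can carry more than one address), as an added example that is not part of the original thread: it accepts X-Forwarded-For only when the TCP peer is a proxy you operate, then walks the list from the right. `TRUSTED_PROXIES` and `client_ip()` are hypothetical names, and all addresses are constructed sample values.

```php
<?php
// Assumption: the addresses of the proxies you run yourself (constructed values).
const TRUSTED_PROXIES = ['192.0.2.10', '192.0.2.11'];

// Takes a $_SERVER-style array and returns the address to attribute the request to.
function client_ip(array $server, array $trusted = TRUSTED_PROXIES): string
{
    $peer = $server['REMOTE_ADDR'] ?? '';

    // If the TCP peer is not one of our proxies, the header is client-supplied: ignore it.
    if (!in_array($peer, $trusted, true)) {
        return $peer;
    }

    // PHP exposes request headers in $_SERVER as HTTP_<NAME>, with dashes as underscores.
    $xff  = $server['HTTP_X_FORWARDED_FOR'] ?? '';
    $hops = array_filter(array_map('trim', explode(',', $xff)), 'strlen');

    // Each proxy appends the address it saw, so the rightmost entries are the ones
    // written by our own infrastructure. Walk right to left.
    foreach (array_reverse($hops) as $hop) {
        if (filter_var($hop, FILTER_VALIDATE_IP) === false) {
            break;              // malformed entry: trust nothing further to the left
        }
        if (!in_array($hop, $trusted, true)) {
            return $hop;        // first address not written by one of our proxies
        }
        $peer = $hop;           // another of our proxies: keep walking
    }
    return $peer;               // only trusted hops (or none) were listed
}

// Constructed sample requests.
$direct  = ['REMOTE_ADDR' => '203.0.113.7',
            'HTTP_X_FORWARDED_FOR' => '10.0.0.1'];            // client sent its own header
$proxied = ['REMOTE_ADDR' => '192.0.2.10',
            'HTTP_X_FORWARDED_FOR' => '10.9.9.9, 198.51.100.23, 192.0.2.11'];

printf("direct:  %s\n", client_ip($direct));
printf("proxied: %s\n", client_ip($proxied));
```

In the second request the leftmost entry (`10.9.9.9`) is whatever the client chose to send; the walk stops at the address the trusted proxies themselves recorded and never reaches it.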