X-Forwarded-For

The X- Forwarded- For ( XFF ) is a de facto standard HTTP header entry in the Internet. The header is used to convey the user's IP address, if the access by a proxy at a web server.

Mostly, these proxies are part of large Internet Service Providers ( ISP) that either encourage or force the customer (in the case of AOL when using the in-house software or in some mobile phone companies for compression ), or to use the proxy server. In some cases, these proxies are transparent and only operate as a cache, since the traffic no longer has to leave the network of the provider (and thus the ISP costs less ).

In non-transparent proxies, however, the opposite is the IP address of the proxy known, he has no insight into the real address of the client. This makes the proxy to an anonymizer service. XFF was created to give the server the ability to identify clients individually. Without the XFF header a web server would only see the IP address of the proxy, not the real user's IP address.

Format

X - Forwarded-For: client1, proxy1, proxy2 Client1 is the original IP address of the client. proxy1 and proxy2 are the IP addresses of the intervening proxies. The first IP address is always that of the original client, and the last of the proxy that has passed through the request before the proxy, the IP address of the server sees ( Proxy3 ).

The XFF header is thus vulnerable to counterfeiting. If so, a list of known, trusted proxies - if all proxies involved are listed on such a list, it can be assumed that the given client IP address is correct.

Software

XFF - sending is supported by many proxies, and others, Squid, Apache mod_proxy, Pound, Varnish cache, IronPort Web Security Appliance, F5 Big-IP, Blue Coat ProxySG, Cisco Cache Engine, Finjan 's Vital Security, NetApp NetCache, USP Secure Entry Server, jetNEXUS, Crescendo Networks ' Maestro and Microsoft ISA Server 2004/2006 with the extension Winfrasoft X - Forwarded-For for ISA Server.