This article is a mirror article of machine translation, please click here to jump to the original article.

Architect_Programmer_Code Agriculture Network»Architect Programming Other programming X-Forwarded-For multiple IP addresses in the HTTP request header
View: 15152|Reply: 5

X-Forwarded-For multiple IP addresses in the HTTP request header

[Copy link]
Posted on 5/19/2021 9:22:43 AM | | | |
X-Forwarded-For X-Forwarded-For is an extension header. The HTTP/1.1 (RFC 2616) protocol does not define it, it was originally introduced by Squid, a caching proxy software, to represent the real IP of the HTTP requester, and has now become a de facto standard, widely used by major HTTP proxies, load balancing and other forwarding services, and written into the RFC 7239 (Forwarded HTTP Extension) standard.

In a network structure with multiple layers of proxies (e.g., a CDN and Anti-DDoS Pro IP address connected to a web application firewall), the IP addresses of all proxies are added to the x-forwarded-for field. This is because the proxy server writes the proxy IP address for each forwarding.

The format is as follows:

X-Forwarded-For: client_ip, proxy1_ip, proxy2_ip
Forge X-Forwarded-For

We add the X-Forwarded-For request header via postman, which forges something like this:





I used Alibaba Cloud's SLB service, SLB -> IIS, if we get the first IP address, it must be incorrect, the last IP address is the real IP address of the client.

In real life, you need to obtain it according to your own architecture, and obtaining the real IP address of the client depends on how many layers of proxies you have gone through.You believe in the first layer

For using nginx as a reverse proxy, you can set it up as follows:

The outermost proxy server does not trust the X-Forwarded-For input of the client, directly overwriting it, rather than appending it.





Previous:How to save a stream to a file in C#/.NET
Next:Close Quartz . .Net

Related Posts
 Landlord| Posted on 5/19/2021 9:23:53 AM |
asp.net mvc to get the client IP address
https://www.itsvse.com/thread-3312-1-1.html
Posted on 10/14/2021 9:54:00 PM |
No... You must learn a little and resolutely address TW garbage IP registration!!
 Landlord| Posted on 1/7/2022 9:56:12 AM |
X-Forwarded-For

TheX-Forwarded-For (XFF) header is the de facto standard header used to identify the original IP address of a client connected to a web server via an HTTP proxy or load balancer. When traffic between a client and server is intercepted, the server access log contains only the IP address of the proxy or load balancer. To see the original IP address of the client, use the request header for X-Forwarded-For.

This header is used to debug, count, and generate location-related content and expose privacy-sensitive information such as the client's IP address by design. Therefore, it is important to keep the privacy of the user in mind when deploying this header.

The standardized version of this header is the HTTPForwarded header.

X-Forwarded-For is also an email header that indicates that the email is forwarded from another account.

If the request goes through multiple proxies, the IP address of each consecutive proxy is listed. This means that the IP address on the far right is the IP address of the nearest proxy, and the IP address on the far left is the IP address of the originating client.

https://developer.mozilla.org/en ... ers/X-Forwarded-For
 Landlord| Posted on 1/7/2022 11:03:18 AM |
nginx test to get the IP address


 Landlord| Posted on 2/20/2025 10:57:42 AM |
ASP.NET Core obtains the user's real IP address through a reverse proxy

The code is as follows:


Get an IP address:


Documentation:The hyperlink login is visible.
Source Code Reference:The hyperlink login is visible.
Disclaimer:
All software, programming materials or articles published by Code Farmer Network are only for learning and research purposes; The above content shall not be used for commercial or illegal purposes, otherwise, users shall bear all consequences. The information on this site comes from the Internet, and copyright disputes have nothing to do with this site. You must completely delete the above content from your computer within 24 hours of downloading. If you like the program, please support genuine software, purchase registration, and get better genuine services. If there is any infringement, please contact us by email.
Mail To:help@itsvse.com