For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Using "X-Forwarded-For" in Apache or PHP

An issue that often comes up for users of any full proxy-based product is that the original client IP address is often lost to the application or web server. This is because in a full proxy system th...
Published Jun 02, 2008
Version 1.0
apache
application delivery
BIG-IP
dev
devops
hardware
http headers
iRules
php
us
Lori_MacVittie's avatar
Lori_MacVittie
Icon for Employee rankEmployee
Jun 10, 2008
The IP address in the HTTP header will only be as reliable as the source. If the BIG-IP (or proxy) is talking directly to the client, the IP address captured is reliable. If you aren't sure about the source of the request - i.e. the client might be accessing the service through a different proxy first, then you can't be certain that the address forwarded is the correct one.

 

 

Basically, if the communication is directly between the client and the BIG-IP (assuming your firewall isn't reverse NAT'ing incoming connections) then it's safe to rely on it.

 

 

Lori