Using "X-Forwarded-For" in Apache or PHP

An issue that often comes up for users of any full proxy-based product is that the original client IP address is often lost to the application or web server. This is because in a full proxy system th...

Published Jun 02, 2008

Version 1.0

Employee

Joined October 17, 2006

View Profile

Lori_MacVittie

Employee

Jun 10, 2008

The IP address in the HTTP header will only be as reliable as the source. If the BIG-IP (or proxy) is talking directly to the client, the IP address captured is reliable. If you aren't sure about the source of the request - i.e. the client might be accessing the service through a different proxy first, then you can't be certain that the address forwarded is the correct one.

Basically, if the communication is directly between the client and the BIG-IP (assuming your firewall isn't reverse NAT'ing incoming connections) then it's safe to rely on it.

Lori

Help guide the future of your DevCentral Community!

What tools do you use to collaborate? (1min - anonymous)

Using "X-Forwarded-For" in Apache or PHP

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS