X-Forwarded-For

Most of the time, these proxies belong to large Internet Service Providers (ISPs) who either encourage or force customers (in the case of AOL, when using in-house software or some mobile phone companies for compression) to use the proxy server (s). In some cases these proxies are transparent and only work as a cache , since the traffic then no longer has to leave the provider's network (and thus costs the ISP less).

In the case of non-transparent proxies, on the other hand, the other party only knows the IP address of the proxy and has no insight into the real address of the client. This makes the proxy an anonymization service . XFF was created to give the server the ability to uniquely identify clients. Without the XFF header, a web server would only see the IP address of the proxy, but not the real IP address of the user.

format

X-Forwarded-For: client1, proxy1, proxy2

The XFF header is therefore susceptible to forgery. This can be remedied by a list of known, trustworthy proxies - if all the proxies involved are recorded on such a list, it can be assumed that the transferred client IP address is correct.

software

Many proxies support XFF sending, including: a. Squid , Apache mod_proxy, Pound , Varnish Cache , IronPort Web Security Appliance, Citrix NetScaler, F5 Big-IP, Blue Coat ProxySG, Cisco Cache Engine, Finjan's Vital Security, NetApp NetCache , USP Secure Entry Server, jetNEXUS , Crescendo Networks' Maestro, Microsoft ISA Server 2004/2006 with the extension Winfrasoft X-Forwarded-For for ISA Server and McAfee Web Gateway .

See also

• Anonymity on the internet

Individual evidence

1. ↑ SquidFaq / ConfiguringSquid - Squid Web Proxy Wiki
2. ↑ mod_proxy - Apache HTTP Server
3. ↑ Pound proxy , under Request Logging
4. ^ Varnish tutorial
5. ↑ IronPort Web Security Appliances