Important Notice: Our web hosting provider recently started charging us for additional visits, which was unexpected. In response, we're seeking donations. Depending on the situation, we may explore different monetization options for our Community and Expert Contributors. It's crucial to provide more returns for their expertise and offer more Expert Validated Answers or AI Validated Answers. Learn more about our hosting issue here.

What is “HTTP_X_FORWARDED_FOR\? Why does squid provide it to WWW servers, and how can I stop it?

April 26, 2017servers Squid

0

Posted

What is “HTTP_X_FORWARDED_FOR\? Why does squid provide it to WWW servers, and how can I stop it?

2 Answers

0

Posted

When a proxy-cache is used, a server does not see the connection coming from the originating client. Many people like to implement access controls based on the client address.

0

10 Posted

When a proxy-cache is used, a server does not see the connection coming from the originating client. Many people like to implement access controls based on the client address. To accommodate these people, Squid adds its own request header called “X-Forwarded-For” which looks like this: X-Forwarded-For: 128.138.243.150, unknown, 192.52.106.30 Entries are always IP addresses, or the word unknown if the address could not be determined or if it has been disabled with the forwarded_for configuration option. We must note that access controls based on this header are extremely weak and simple to fake. Anyone may hand-enter a request with any IP address whatsoever. This is perhaps the reason why client IP addresses have been omitted from the HTTP/1.1 specification. Because of the weakness of this header, support for access controls based on X-Forwarder-For is not yet available in any officially released version of squid.