-1

I want something to determine the real IP address of the visitor.

The script includes both X_REAL_IP and X_FORWARDED_FOR. I'm just wondering which one I should check first to get the best possible result?

Any thoughts?

[edit] I'll be more specific.

How and when can Nginx set both x_real_ip and x_forwarded_for? Which one should I read when both are set? Does it depend on server configuration?

Savageman
  • Depends on what you are using it for. – Ed Heal Sep 21 '12 at 09:50
  • http://stackoverflow.com/questions/7445592/what-is-the-difference-between-http-client-ip-and-http-x-forwarded-for/7446010#7446010 - literally none of these proxy headers are standard. There is therefore no way to rely on them or even accurately predict what any of them mean, or vouch for their accuracy. There is a [draft](http://tools.ietf.org/html/draft-petersson-forwarded-for-02) for `X-Forwarded-For:` but it's recent and not official. – DaveRandom Sep 21 '12 at 09:50
  • Trust neither, both can be spoofed. – Leigh Sep 21 '12 at 09:57
  • @Leigh I know ;) But remote_addr is hard to forge, and if nginx puts that in real_ip then I'm willing to trust it. – Savageman Sep 21 '12 at 09:59

2 Answers

1

You need to check both of them.
REMOTE_ADDR - Real or Proxy IP
X_REAL_IP and X_FORWARDED_FOR - proxy headers. Not all proxies set them.

MrSil
  • Yup, both can be. But which one first? – Savageman Sep 21 '12 at 09:54
  • First check remote addr and then the others. X_REAL_IP is an nginx header, so you don't need to check it in general. This depends on nginx settings. If nginx changes REMOTE_ADDR, then you need to check X_REAL_IP first. – MrSil Sep 21 '12 at 09:55
  • I edited my question to be more specific. Can Nginx set both headers? If yes, which one is better to use? – Savageman Sep 21 '12 at 10:04
  • 1
    Nginx sets only X_REAL_IP; X_FORWARDED_FOR is a proxy header, and proxy servers may (not) set this header. Check X_REAL_IP against X_FORWARDED_FOR if the last one exists – MrSil Sep 21 '12 at 10:18
0

X-Forwarded-For is the header where proxy servers usually add client addresses: "192.168.1.1, 10.10.10.1, 10.10.1.1". The variable $proxy_add_x_forwarded_for does this addition. X-Real-IP is a non-standard header, where nginx sets client addresses.

  • I'm indeed looking for NGinx support. Which header should I go for first? – Savageman Sep 21 '12 at 09:55
  • Nginx shows that both X-Real-IP and X-Forwarded-For are set but only X-Forwarded-For is set by HAproxy. So, I think it should be X-Forwarded-For – Amrish Prajapati Sep 21 '12 at 10:01
  • If only one of the 2 headers is set, there's no question, I'll use this one :) When nginx uses both headers, which one will contain the best IP? I think it depends on server configuration and there's no plain answer... – Savageman Sep 21 '12 at 10:06
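
An added example, not code from any post in this thread: one way to order the checks discussed above so that neither header is read unless REMOTE_ADDR is one of your own proxies. The names `TRUSTED_PROXIES` and `client_ip` are hypothetical, the proxy ranges are assumptions to replace with your own, and the sample addresses in the comments are constructed.

```python
import ipaddress

# Assumption: the networks your own reverse proxies (nginx, HAProxy) connect from.
TRUSTED_PROXIES = [ipaddress.ip_network(n) for n in ("127.0.0.0/8", "10.0.0.0/8")]


def _parse(value):
    """Return an ip_address object, or None if the value is not a valid IP."""
    try:
        return ipaddress.ip_address(value.strip())
    except (ValueError, AttributeError):
        return None


def _is_trusted(ip):
    return any(ip in net for net in TRUSTED_PROXIES)


def client_ip(remote_addr, x_forwarded_for=None, x_real_ip=None):
    """Resolve the visitor IP from REMOTE_ADDR and the two proxy headers."""
    peer = _parse(remote_addr)
    if peer is None:
        raise ValueError("REMOTE_ADDR is not a valid IP address")
    # A connection that does not come from one of our proxies: any proxy
    # header on it was written by the client, so ignore both headers.
    if not _is_trusted(peer):
        return str(peer)
    # X-Forwarded-For: each proxy appends the address it saw, so read it
    # right to left and stop at the first hop that is not one of our proxies.
    # e.g. "9.9.9.9, 203.0.113.7" from a trusted peer resolves to 203.0.113.7.
    if x_forwarded_for:
        for hop in reversed(x_forwarded_for.split(",")):
            ip = _parse(hop)
            if ip is None:
                break  # malformed entry: stop trusting the chain
            if not _is_trusted(ip):
                return str(ip)
    # X-Real-IP carries a single address; it is only meaningful here if the
    # trusted proxy overwrites it with the address it saw (an assumption).
    real = _parse(x_real_ip)
    if real is not None:
        return str(real)
    return str(peer)
```
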