2

Is it possible for x-Forwarded-For to contain a spoof? My log has a google proxy server visiting my site, and the x-Forwarded-For is actually MY IP ADDRESS. I'm wondering if I've been hacked or if someone can spoof the x-Forwarded-For. How can my very own IP address be visiting my site as an x-Forwarded-For?

Here is my php output for the visit, captured by my own script:

06-06-16 / 18:42:58: best: 66.102.6.171 client- forward- [my ip]------- /count.html - http://undergroundwiki.org/doku.php?id=The%20Five%20Most%20Beautiful%20Women

------- Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko; Google Web Preview) Chrome/27.0.1453 Safari/537.36

Ivan Barayev
  • 2,035
  • 5
  • 24
  • 30
Sean Wilson
  • 21
  • 2
  • [This](http://stackoverflow.com/a/5092951/2518525) is an interesting read.. – Darren Jun 06 '16 at 23:52
  • I don't think you're hacked. I'm guessing this is something google does when you visit your page from google.com, or maybe something with chrome? – Mads Marquart Jun 06 '16 at 23:52
  • Your server should only accept the `X-Forwarded-For` header if it's behind a load balancer or reverse proxy, and only when the connection is actually from the load balancer or proxy. Otherwise, it's definitely possible to spoof it. – Barmar Jun 06 '16 at 23:59

0 Answers0