X-Forwarded-For (XFF)
Return to HTTP topics, HTTP, HTTPS
Also called X-Forwarded-For (XFF)
- Snippet from Wikipedia: X-Forwarded-For
The X-Forwarded-For (XFF) HTTP header field is a common method for identifying the originating IP address of a client connecting to a web server through an HTTP proxy or load balancer.
The
X-Forwarded-ForHTTP request header was introduced by the Squid caching proxy server's developers.X-Forwarded-Foris also an email-header indicating that an email-message was forwarded from one or more other accounts (probably automatically).Without the use of XFF or another similar technique, any connection through the proxy would reveal only the originating IP address of the proxy server, effectively turning the proxy server into an anonymizing service, thus making the detection and prevention of abusive accesses significantly harder than if the originating IP address were available. The usefulness of XFF depends on the proxy server truthfully reporting the original host's IP address; for this reason, effective use of XFF requires knowledge of which proxies are trustworthy, for instance by looking them up in a whitelist of servers whose maintainers can be trusted.
HTTP:
Security access control methods:
Cloud Monk is Retired (for now). Buddha with you. © 2024 Losang Jinpa or Fair Use. Disclaimers. REPLACE with: navbar_footer