Search squid archive

Re: X_FORWARDED_FOR, squid and apache cheating

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

> However, I still see my cheated XFF exist in my backend PHP program, e.g.
>
> [HTTP_X_FORWARDED_FOR] => 192.168.11.103 [Cheated using FF Modify Header]
> [REMOTE_ADDR] => MY_SQUID_IP
>

Sorry pls ignore my last email, and see my updated test results for
quick comparison...

Facts:
Client IP: 202.183.19.3
XFF Cheated IP using FF Modify Header: 192.168.11.103
Squid IP: 10.10.10.3

Test 1:

forwarded_for on
[HTTP_X_FORWARDED_FOR] = 192.168.11.103, 202.183.19.3

forwarded_for truncate
[HTTP_X_FORWARDED_FOR] = 192.168.11.103, unknown

You see, truncate is truncating my real client ip,leaving the cheated one.

Howard
[Index of Archives]     [Linux Audio Users]     [Samba]     [Big List of Linux Books]     [Linux USB]     [Yosemite News]

  Powered by Linux