DEV Community

Carrie

Website Owner Must Know: X-Forwarded-For

About Author

I'm Carrie, a cybersecurity engineer and writer, working for SafeLine WAF. SafeLine is a free and open source web application firewall, self-hosted, very easy to use.

What is X-Forwarded-For?

X-Forwarded-For (XFF) is an HTTP header field that identifies the originating IP address of a client connecting to a web server through an HTTP proxy or a load balancer. This header is a de facto standard for identifying the original IP address of a client in scenarios where intermediate proxies are involved.

How Does It Work?

  1. Client Request: When a client connects directly to a web server, the server sees the client's own IP address as the source of the connection.

  2. Proxy Involvement: If the request passes through a proxy server or load balancer, the original client IP is replaced with the IP of the proxy.

  3. X-Forwarded-For in Action: To preserve the original client IP, the proxy adds the X-Forwarded-For header to the request.

  4. Header Format: The header typically looks like this:

   X-Forwarded-For: <client>, <proxy1>, <proxy2>

  5. Multiple Proxies: If multiple proxies are involved, each appends the IP address of the hop it received the request from (the client for the first proxy, the preceding proxy for every later one), so the list reads from the client on the left to the most recent proxy on the right.

Importance and Use Cases

  • Accurate Logging: Helps maintain accurate logs of client IP addresses.
  • Security: Assists in identifying the true source of requests for security purposes.
  • Geolocation: Enables more accurate geolocation services.
  • Access Control: Facilitates IP-based access control in multi-tier architectures.

Considerations

  • Trust: The X-Forwarded-For header can be spoofed, so it should only be trusted from known proxies.
  • Privacy: Care must be taken to handle this information in compliance with privacy regulations.
  • Configuration: Proper configuration of proxies and web servers is crucial for accurate XFF handling.
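To make the header format from "How Does It Work?" and the Trust consideration concrete, here is an added Python example that is not part of the original post or of SafeLine's code. It simulates each proxy appending its peer's address as a request crosses a chain, then resolves the real client the way a server behind known proxies should: read the list from the right, discard the addresses of its own proxies, and take the first address it did not write itself, ignoring anything a client may have planted further left. The trusted proxy ranges and all IP addresses are constructed for the example (documentation ranges), and the function names are the example's own.

```python
import ipaddress
from typing import Optional

# Constructed for this example: the reverse proxies / load balancers we run
# ourselves. Only a hop that arrives from one of these can be believed.
TRUSTED_PROXIES = [
    ipaddress.ip_network("10.0.0.0/8"),       # internal load balancers
    ipaddress.ip_network("203.0.113.5/32"),   # edge proxy (documentation range)
]


def is_valid_ip(addr: str) -> bool:
    try:
        ipaddress.ip_address(addr)
        return True
    except ValueError:
        return False


def is_trusted_proxy(addr: str) -> bool:
    """True if addr belongs to one of our own proxy ranges."""
    if not is_valid_ip(addr):
        return False
    return any(ipaddress.ip_address(addr) in net for net in TRUSTED_PROXIES)


def proxy_append(existing: Optional[str], peer_ip: str) -> str:
    """What each proxy does (steps 3 and 5): append the address of the hop it
    received the connection from, keeping whatever was already there."""
    return f"{existing}, {peer_ip}" if existing else peer_ip


def client_ip(remote_addr: str, xff: Optional[str]) -> str:
    """Resolve the real client address for a request that arrived from
    remote_addr (the TCP peer) carrying the X-Forwarded-For value xff.

    Read right-to-left: every trailing entry that is one of our proxies was
    written by us; the first entry that is not was written by the last
    trusted proxy and names its peer, i.e. the client. Entries further left
    were supplied by untrusted parties and are ignored.
    """
    if not is_trusted_proxy(remote_addr):
        # Direct connection from an untrusted peer: the header, if present,
        # was set by the client itself and must be ignored entirely.
        return remote_addr
    hops = [h.strip() for h in (xff or "").split(",") if h.strip()]
    for hop in reversed(hops):
        if is_trusted_proxy(hop):
            continue  # one of ours, keep walking left
        # First hop we did not write. A non-IP value here means a proxy
        # misconfiguration; fall back to the peer rather than log junk.
        return hop if is_valid_ip(hop) else remote_addr
    # Header empty or made up only of our own proxies: the peer is the client.
    return remote_addr


def simulate_chain(client: str, proxies: list, spoofed: Optional[str] = None):
    """Build the header hop by hop as a request crosses the given proxies and
    return (header_as_seen_by_server, remote_addr, resolved_client)."""
    header = spoofed  # whatever the client itself sent, if anything
    peer = client
    for p in proxies:
        header = proxy_append(header, peer)
        peer = p
    return header, peer, client_ip(peer, header)


if __name__ == "__main__":
    # Two of our proxies in front of the server.
    print(simulate_chain("198.51.100.7", ["203.0.113.5", "10.0.0.2"]))
    # Client pre-fills the header; the proxy appends the true peer after it.
    print(simulate_chain("198.51.100.7", ["10.0.0.2"], spoofed="192.0.2.1"))
    # No proxy at all: the header is ignored and the peer address is used.
    print(client_ip("198.51.100.7", "192.0.2.1"))
```

The design choice worth noting is that trust is decided twice: first on the TCP peer (if the request did not arrive from one of our proxies, the header is ignored outright), then per hop from the right. Taking the leftmost entry, which is the common mistake, would hand logging, geolocation and IP-based access control whatever value the client chose to send.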

Conclusion

X-Forwarded-For is a crucial component in modern web infrastructure, especially in environments using reverse proxies or load balancers. It helps maintain transparency and traceability of client requests, balancing the need for efficient routing with the importance of preserving original client information.


Top comments (1)

Trix Cyrus

ngl i use this for ddosing😹😹
