Get real IP of visitor, better trust real_ip or forwared_for?

I want something to determine the real IP address of the visitor.

The script includes both X_REAL_IP and X_FORWARDED_FOR. I'm just wondering which one I should check first to get the best possible result?

Any thought?

[edit] I'll be more specific.

How and when Nginx can set both w_real_ip and x_forwarded_for? Which one should I read when both are set? Does it depend on server configuration?

Answers


You need check both of them. REMOTE_ADDR - Real or Proxy IP X_REAL_IP and X_FORWARDED_FOR - proxy headers. Not all proxy set them.


X-Forwared-For is header where proxy servers usually add client addresses: "192.168.1.1, 10.10.10.1, 10.10.1.1". The variable $proxy_add_x_forwarded_for does this addition. X-Real-IP is non standard header, where nginx sets client addresses.


Need Your Help

security certificate is invalid or does not match

exchange-server-2007

there is problem with the proxy server security certificate. the name on the security certificate is invalid or does not match the name of the target site i got this error message when I try t...

Error when creating animation in XAML

c# wpf xaml

New to XAML... i want to do some simple animations. I was trying to follow MSDN's example code from this link: Click Here

About UNIX Resources Network

Original, collect and organize Developers related documents, information and materials, contains jQuery, Html, CSS, MySQL, .NET, ASP.NET, SQL, objective-c, iPhone, Ruby on Rails, C, SQL Server, Ruby, Arrays, Regex, ASP.NET MVC, WPF, XML, Ajax, DataBase, and so on.