Actions

Guide/X-forwarded-for: Difference between revisions

From Convention Master Documentation

(Created page with "=X Forwarded For= The X-Forwarded-For header is a very common header that is used by web application firewalls and other proxy devices including cloudflare. ==Simple X-Forwarded-for implementation== This simple implementation will ALWAYS replace the ip found in X-forward-for. It's simpler code, but people with malicous intent could potentially spoof the x-forwarded-for header, if there is ingress into your network via other means. # Open the shared_php/db_connect.php f...")
 
No edit summary
Line 8: Line 8:


Add the following code to your db_connect.php  
Add the following code to your db_connect.php  
 
<syntaxhighlight lang="php">
  if (array_key_exists('HTTP_X_FORWARDED_FOR', $_SERVER)){
  if (array_key_exists('HTTP_X_FORWARDED_FOR', $_SERVER)){
     $_SERVER['REMOTE_ADDR'] = $_SERVER['HTTP_X_FORWARDED_FOR'];
     $_SERVER['REMOTE_ADDR'] = $_SERVER['HTTP_X_FORWARDED_FOR'];
  }
  }
</syntaxhighlight>


==More secure X-Forwarded-For Implemention==
==More secure X-Forwarded-For Implemention==
Line 19: Line 20:
# Edit the $allowedProxies line of the code snippit below; add or remove comma seperated IP address values to the list of ip's which you will allow to provide the X-forwarded-for header.
# Edit the $allowedProxies line of the code snippit below; add or remove comma seperated IP address values to the list of ip's which you will allow to provide the X-forwarded-for header.


 
<syntaxhighlight lang="php">
  $allowedProxies = array('10.10.15.7','192.168.15.12');
  $allowedProxies = array('10.10.15.7','192.168.15.12');
  if (array_key_exists('HTTP_X_FORWARDED_FOR', $_SERVER) && (in_array($_SERVER['REMOTE_ADDR'],$allowedProxies)){
  if (array_key_exists('HTTP_X_FORWARDED_FOR', $_SERVER) && (in_array($_SERVER['REMOTE_ADDR'],$allowedProxies)){
   $_SERVER['REMOTE_ADDR'] = $_SERVER['HTTP_X_FORWARDED_FOR'];
   $_SERVER['REMOTE_ADDR'] = $_SERVER['HTTP_X_FORWARDED_FOR'];
  }
  }
</syntaxhighlight>

Revision as of 16:57, 18 January 2023

X Forwarded For

The X-Forwarded-For header is a very common header that is used by web application firewalls and other proxy devices including cloudflare.

Simple X-Forwarded-for implementation

This simple implementation will ALWAYS replace the ip found in X-forward-for. It's simpler code, but people with malicous intent could potentially spoof the x-forwarded-for header, if there is ingress into your network via other means.

  1. Open the shared_php/db_connect.php file
  2. Paste in the code below

Add the following code to your db_connect.php

 if (array_key_exists('HTTP_X_FORWARDED_FOR', $_SERVER)){
    $_SERVER['REMOTE_ADDR'] = $_SERVER['HTTP_X_FORWARDED_FOR'];
 }

More secure X-Forwarded-For Implemention

This more secure implementation requires you to create a list of machines that you will allow the X-forwarded-for header to be grabbed from.

  1. Open the shared_php/db_connect.php file
  2. Paste in the code below
  3. Edit the $allowedProxies line of the code snippit below; add or remove comma seperated IP address values to the list of ip's which you will allow to provide the X-forwarded-for header.
 $allowedProxies = array('10.10.15.7','192.168.15.12');
 if (array_key_exists('HTTP_X_FORWARDED_FOR', $_SERVER) && (in_array($_SERVER['REMOTE_ADDR'],$allowedProxies)){
   $_SERVER['REMOTE_ADDR'] = $_SERVER['HTTP_X_FORWARDED_FOR'];
 }