I understand that a header HTTP_X_FORWARDED_FOR is set by proxy servers to identify the IP address of the host that is making the HTTP request through the proxy. I’ve heard claims that the header HTTP_CLIENT_IP is set for similar purposes.
- What is the difference between HTTP_CLIENT_IP and HTTP_X_FORWARDED_FOR?
- Why would one have different values than the other?
- Where can I find resources on the exact definition of these headers.
Neither of these headers is officially standardised. Therefore:
1. What is the difference between HTTP_CLIENT_IP and HTTP_X_FORWARDED_FOR? – it is impossible to say. Different proxies may implement these, or may not. The implementations may vary from one proxy to the next, and they may not. A lack of a standard breeds question marks.
2. Why would one have different values than the other? – See point 1. However, from a purely practical point of view, the only reason I can see for these having different values is if more than one proxy was involved – the X-Forwarded-For: header might then contain a complete track of the forwarding chain, whereas the Client-IP: header would contain the actual client IP. This is pure speculation, however.
3. Where can I find resources on the exact definition of these headers. – You can’t. See point 1.

There does seem to be some kind of de-facto standard regarding the X-Forwarded-For: header, but given that there is no RFC that defines it this cannot be relied upon; see comment below.

As a side note, the Client-IP: header should by convention be X-Client-IP: since it is a ‘user-defined’ header.
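
Because neither header has a binding definition and both arrive as ordinary request headers, a server that uses them for logging or access decisions has to decide which hops it trusts. The following is an added example, not part of the original question or answer: it assumes the de-facto convention that each proxy appends the address of its peer to X-Forwarded-For, and `TRUSTED_PROXIES`, `client_ip` and all addresses are hypothetical, constructed values.

```python
import ipaddress

# Assumption: our own reverse proxies live in these ranges (constructed values).
TRUSTED_PROXIES = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "127.0.0.1/32")]


def _is_trusted(addr):
    return any(addr in net for net in TRUSTED_PROXIES)


def _parse(value):
    """Return an ip_address object, or None if the text is not a valid IP."""
    try:
        return ipaddress.ip_address(value.strip())
    except ValueError:
        return None


def client_ip(environ):
    """Pick the client address from a CGI/WSGI-style environ dict.

    REMOTE_ADDR is the TCP peer and the only value not supplied by the sender.
    X-Forwarded-For is read only when that peer is one of our proxies, and then
    right to left, stopping at the first hop we do not operate.
    HTTP_CLIENT_IP is never consulted: nothing defines who sets it.
    """
    peer = _parse(environ.get("REMOTE_ADDR", ""))
    if peer is None:
        return None
    if not _is_trusted(peer):
        return str(peer)  # direct connection: forwarding headers are untrusted
    candidate = peer
    for raw in reversed(environ.get("HTTP_X_FORWARDED_FOR", "").split(",")):
        addr = _parse(raw)
        if addr is None:
            break  # empty or malformed entry: keep the last address we verified
        candidate = addr
        if not _is_trusted(addr):
            break  # first hop outside our infrastructure is the client
    return str(candidate)


if __name__ == "__main__":
    # Constructed request: the leftmost entry was supplied by the sender itself.
    sample = {"REMOTE_ADDR": "10.0.0.5", "HTTP_CLIENT_IP": "192.0.2.99",
              "HTTP_X_FORWARDED_FOR": "192.0.2.1, 198.51.100.23, 10.0.0.9"}
    print(client_ip(sample))
```

Entries to the left of the first untrusted hop are kept out of the decision because the sender can put anything there.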