GuidesAccess control CORSAuthenticationBrowser detection using the user agentCachingCaching FAQCompressionConditional requestsConnection management in HTTP 1.xContent negotiationContent negotiation: List of default Accept valuesCookiesCSPMessagesOverviewProtocol upgrade mechanismProxy servers and tunnelingProxy servers and tunneling: Proxy Auto-Configuration (PAC) filePublic Key PinningRange requestsRedirectionsResources and specificationsResources and URIsResponse codesServer-Side Access ControlSessionGuides: BasicsBasics of HTTPChoosing between www and non-www URLsData URIsEvolution of HTTPIdentifying resources on the WebMIME TypesMIME types: Complete list of MIME typesCSPContent-Security-PolicyContent-Security-Policy-Report-OnlyCSP: base-uriCSP: block-all-mixed-contentCSP: child-srcCSP: connect-srcCSP: default-srcCSP: font-srcCSP: form-actionCSP: frame-ancestorsCSP: frame-srcCSP: img-srcCSP: manifest-srcCSP: media-srcCSP: object-srcCSP: plugin-typesCSP: referrerCSP: report-uriCSP: require-sri-forCSP: sandboxCSP: script-srcCSP: style-srcCSP: upgrade-insecure-requestsCSP: worker-srcHeadersAcceptAccept-CharsetAccept-EncodingAccept-LanguageAccept-RangesAccess-Control-Allow-CredentialsAccess-Control-Allow-HeadersAccess-Control-Allow-MethodsAccess-Control-Allow-OriginAccess-Control-Expose-HeadersAccess-Control-Max-AgeAccess-Control-Request-HeadersAccess-Control-Request-MethodAgeAllowAuthorizationCache-ControlConnectionContent-DispositionContent-EncodingContent-LanguageContent-LengthContent-LocationContent-RangeContent-TypeCookieCookie2DateDNTETagExpectExpiresForwardedFromHeadersHostIf-MatchIf-Modified-SinceIf-None-MatchIf-RangeIf-Unmodified-SinceKeep-AliveLarge-AllocationLast-ModifiedLocationOriginPragmaProxy-AuthenticateProxy-AuthorizationPublic-Key-PinsPublic-Key-Pins-Report-OnlyRangeRefererReferrer-PolicyRetry-AfterServerSet-CookieSet-Cookie2SourceMapStrict-Transport-SecurityTETkTrailerTransfer-EncodingUpgrade-Insecure-RequestsUser-AgentUser-Agent: FirefoxVaryViaWarningWWW-AuthenticateX-Content-Type-OptionsX-DNS-Prefetch-ControlX-Forwarded-ForX-Forwarded-HostX-Forwarded-ProtoX-Frame-OptionsX-XSS-ProtectionMethodsCONNECTDELETEGETHEADMethodsOPTIONSPATCHPOSTPUTStatus100 Continue101 Switching Protocols200 OK201 Created202 Accepted203 Non-Authoritative Information204 No Content205 Reset Content206 Partial Content300 Multiple Choices301 Moved Permanently302 Found303 See Other304 Not Modified307 Temporary Redirect308 Permanent Redirect400 Bad Request401 Unauthorized403 Forbidden404 Not Found405 Method Not Allowed406 Not Acceptable407 Proxy Authentication Required408 Request Timeout409 Conflict410 Gone411 Length Required412 Precondition Failed413 Payload Too Large414 URI Too Long415 Unsupported Media Type416 Range Not Satisfiable417 Expectation Failed426 Upgrade Required428 Precondition Required429 Too Many Requests431 Request Header Fields Too Large451 Unavailable For Legal Reasons500 Internal Server Error501 Not Implemented502 Bad Gateway503 Service Unavailable504 Gateway Timeout505 HTTP Version Not Supported511 Network Authentication RequiredStatus
©
本文档使用
php.cn手册 发布
文字
的X-Forwarded-For(XFF)报头是用于通过 HTTP 代理或负载平衡器识别连接到 web 服务器的客户端的发起 IP 地址的事实上的标准报头。当客户端和服务器之间的流量被拦截时,服务器访问日志仅包含代理或负载均衡器的IP地址。要查看客户端的原始 IP 地址,X-Forwarded-For请使用请求标头。
此标题用于调试,统计和生成依赖于位置的内容,并且通过设计它可以显示隐私敏感信息,例如客户端的 IP 地址。因此,在部署此标头时必须牢记用户的隐私。
此标头的标准化版本是 HTTP Forwarded标头。
X-Forwarded-For 也是一个电子邮件标题,表示电子邮件是从另一个帐户转发的。
Header type | Request header |
|---|---|
Forbidden header name | no |
句法
X-Forwarded-For: <client>, <proxy1>, <proxy2>
指令
<client> 客户端 IP 地址 <proxy1>,<proxy2> 如果请求经过多个代理,则会列出每个连续代理的IP地址。这意味着,最右侧的 IP 地址是最近代理的 IP 地址,最左侧的 IP 地址是始发客户端的 IP 地址。
例子
X-Forwarded-For: 2001:db8:85a3:8d3:1319:8a2e:370:7348X-Forwarded-For: 203.0.113.195X-Forwarded-For: 203.0.113.195, 70.41.3.18, 150.172.238.178
其他非标准形式:
# Used for some Google services X-ProxyUser-Ip: 203.0.113.19
产品规格
不是任何当前规范的一部分。这个标题的标准化版本是Forwarded。