{var%20f='http://v.t.sina.com.cn/share/share.php?appkey=1515056452',u=z||d.location,p=['&url=',e(u),'&title=',e(t||d.title),'&source=',e(r),'&sourceUrl=',e(l),'&content=',c||'gb2312','&pic=',e(p||'')].join('');function%20a(){if(!window.open([f,p].join(''),'mb',['toolbar=0,status=0,resizable=1,width=440,height=430,left=',(s.width-440)/2,',top=',(s.height-430)/2].join('')))u.href=[f,p].join('');};if(/Firefox/.test(navigator.userAgent))setTimeout(a,0);else%20a();})(screen,document,encodeURIComponent,'','','https://www.manongdao.com/data/attach/logo/logo.png', '推荐 爷的心禁止访问 的问题《How to set value for HTTP_X_FORWARDED_FOR manually》','https://www.manongdao.com/q-919086.html','页面编码gb2312|utf-8默认gb2312'));){kind=link}
I read somewhere they said that HTTP_X_FORWARDED_FOR is not a trusted variables when you want to log the user's IP because they can change that. Is it real? And how?
Thanks a lot!
相关问题
- Angular RxJS mergeMap types
- Google Apps Script: testing doPost() with cURL
- How to instantiate Http service in main.ts manuall
- C#使用http访问网络,有办法用指定网卡访问网络嘛?
- PHP Empty $_POST
相关文章
That's correct, download Fiddler to see how all HTTP Request can modified. Also it's a good idea to learn how HTTP works, then it'll be crystal clear.
The proxy used can set this header to anything it wants to, and therefore you can't trust its value. Most proxies do set the correct value though. This header is mostly used by caching proxies, and in those cases you're in control of the proxy and can thus verify that is gives you the correct information. In all other cases its value should be considered untrustworthy. Read more on the Wikipedia article about
X-Forwarded-For.As pointed out in the answer here, the correct header for HTTP_X_FORWARDED_FOR variable is x-forwarded-for. So you can set a custom request in Fiddler: