Testing http header IP forwarding

I need to determine what the application sees versus what is being sent, these scripts helped me see the discrepancy and validate the change once resolved:

<?php

header('Expires: 0'); // Proxies.
header('Cache-Control: no-store, no-cache, must-revalidate'); // HTTP 1.1.
header('Cache-Control: post-check=0, pre-check=0', FALSE);
header('Pragma: no-cache'); // HTTP 1.0.

$client  = @$_SERVER['HTTP_CLIENT_IP'];
$forward = @$_SERVER['HTTP_X_FORWARDED_FOR'];
$remote  = $_SERVER['REMOTE_ADDR'];

print ('This page was generated ' . date(DATE_RFC2822) . '.');
print ("<br /><br /><br />Client IP address reported by the REMOTE_ADDR variable is $remote");
print ("<br /><br />Client IP address reported by the HTTP_X_FORWARDED_FOR variable is $forward");
print ("<br /><br />Client IP address reported by the HTTP_CLIENT_IP variable is $client");

if(filter_var($client, FILTER_VALIDATE_IP))
{
    $ip = $client;
}
elseif(filter_var($forward, FILTER_VALIDATE_IP))
{
    $ip = $forward;
}
else
{
    $ip = $remote;
}

print ("<br /><br /><br />Client IP address determined to be $ip");
print ('<br /><br /><form method="POST"> <input type="submit" name="b1" value="Force Reload." /></form>');

?>

The above does allow you to force a post, as the original case was behind a caching server.


Posted

in

by

Comments

Leave a Reply

Your email address will not be published. Required fields are marked *