开发者

How to detect from web application that client uses http proxy - why XFF header is missing?

I try to discover, from the web application, whether client uses transparent proxy. It should be simple in theory: just check for existence of XFF (x-forwarder-for) header. But for some unknown reasons this doesn't work at all.

I work in the office which is connected to internet via corporate transparent proxy. If I go to any "ip-proxy-check" page, e.g. http://www.my-proxy.com/show-what-ip#anonymity than it shows the X-forwarded-for header from our proxy. So, I understand, our corporate proxy sets this header properly. But then when I connect to our web application (running on Tomcat, on some public, external server), and in my webapp I list all the HTTP headers, there is no X-forwarded-for header, x-via etc.

I thought that's server fault, so then I started this webapp on totally different web server, hosted by different provider: but the result is the same, no proxy-related headers are available. So I thought that perhaps Tomcat blocks such headers, but when I connect from some tool which allows me to set custom headers manually, and I send the request with XFF header, my webapp sees that header properly. So it is not blocked by web server.

So - can anybody help me to understand how it works? Why when I navigate from the same browser and the same machine to pages like my-proxy.com than those pages claim there were proxy-specific http headers set by proxy, but when I navigate to my application than the applica开发者_StackOverflow中文版tion doesn't see such headers?


To close this question: it turned out that I used non-standard HTTP port (8080) on my webapp server for testing - and proxy doesn't add its headers when port is different than 80. On the other hand, when https is used, obviously proxy doesn't add any headers, because transmission is encoded.

0

上一篇:

下一篇:

精彩评论

暂无评论...
验证码 换一张
取 消

最新问答

问答排行榜