How to detect from web application that client uses http proxy - why XFF header is missing?
I try to discover, from the web application, whether client uses transparent proxy. It should be simple in theory: just check for existence of XFF (x-forwarder-for) header. But for some unknown reasons this doesn't work at all.
I work in the office which is connected to internet via corporate transparent proxy. If I go to any "ip-proxy-check" page, e.g. http://www.my-proxy.com/show-what-ip#anonymity than it shows the X-forwarded-for header from our proxy. So, I understand, our corporate proxy sets this header properly. But then when I connect to our web application (running on Tomcat, on some public, external server), and in my webapp I list all the HTTP headers, there is no X-forwarded-for header, x-via etc. I thought that's server fault, so then I started this webapp on totally different web server, hosted by different provider: but the result is the same, no proxy-related headers are available. So I thought that perhaps Tomcat blocks such headers, but when I connect from some tool which allows me to set custom headers manually, and I send the request with XFF header, my webapp sees that header properly. So it is not blocked by web server. So - can anybody help me to understand how it works? Why when I navigate from the same browser and the same machine to pages like my-proxy.com than those pages claim there were proxy-specific http headers set by proxy, but when I navigate to my application than the applica开发者_StackOverflow中文版tion doesn't see such headers?To close this question: it turned out that I used non-standard HTTP port (8080) on my webapp server for testing - and proxy doesn't add its headers when port is different than 80. On the other hand, when https is used, obviously proxy doesn't add any headers, because transmission is encoded.
精彩评论