locked
Difference between Request.ServerVariables["HTTP_X_FORWARDED_FOR"] and Request.ServerVariables["REMOTE_ADDR"] in .net RRS feed

  • Question

  • User-609852568 posted

    Hi,

         What is the difference between Request.ServerVariables["HTTP_X_FORWARDED_FOR"] and Request.ServerVariables["REMOTE_ADDR"] in Asp.Net. I think both are used for showing the system's IP address. then what's the major difference between both? anybody pls explain me clearly.

    Regards
    Vijay.

    Friday, July 27, 2007 3:47 AM

Answers

  • User509596457 posted

    Request.ServerVariables["HTTP_X_FORWARDED_FOR"] will tell you the IP if the user is behind a proxy server. You should use this first and if the value results in null or "unknown", then use Request.ServerVariables["REMOTE_ADDR"] to determine ip address.

    • Marked as answer by Anonymous Thursday, October 7, 2021 12:00 AM
    Friday, July 27, 2007 7:43 AM

All replies

  • User509596457 posted

    Request.ServerVariables["HTTP_X_FORWARDED_FOR"] will tell you the IP if the user is behind a proxy server. You should use this first and if the value results in null or "unknown", then use Request.ServerVariables["REMOTE_ADDR"] to determine ip address.

    • Marked as answer by Anonymous Thursday, October 7, 2021 12:00 AM
    Friday, July 27, 2007 7:43 AM
  • User-1982247078 posted

    Not sure where the REMOTE_ADDR is being filled from, but obviously X-Forwarded-For is from the HTTP request itself and therefore can be easily counterfeit. So recording only HTTP_X_FORWARDED_FOR in case it is present, as suggested, might not be the best idea from the security point of view.

    Also, parsing is different, because the X-Forwarded-For is generally comma separated list of addresses.

    Friday, July 15, 2011 6:54 AM
  • User-605755413 posted

    sir...i m not clearly understand your answer plz elobrt is plz sir....

    Friday, March 16, 2012 2:34 AM