X-Forwarded-For
A de facto HTTP header used by proxies and load balancers to identify the originating client IP address when traffic passes through intermediaries. Each proxy appends the IP it received the request from, creating a comma-separated list. Applications must trust only the last untrusted hop to prevent IP spoofing — attackers can prepend arbitrary IPs to the header if the application naively reads the first value.
Связанные протоколы
Упоминается в руководствах
HTTP Proxy Headers: X-Forwarded-For, Via, and Forwarded
HTTP Fundamentals
Reverse Proxy Configuration: Nginx, Caddy, and HAProxy
Production Infrastructure
TLS Termination: Where to Terminate HTTPS and Why
Production Infrastructure
Request and Response Transformation at the API Gateway
API Gateway Patterns