[Collection] the difference between the three attributes of the Web Client IP address acquisition user IP address (http_x_forwarded_for, http_via, remote_addr)

There are bugs in the so-called "getting real IP addresses" method on the Internet, and the multi-layer transparent proxy is not taken into account.
MajorityCodeFor example:

String IPaddress = (httpcontext. Current. Request. servervariables ["http_x_forwarded_for"]! = NULL

& Httpcontext. Current. Request. servervariables ["http_x_forwarded_for"]! = String. Empty)

? Httpcontext. Current. Request. servervariables ["http_x_forwarded_for"]

: Httpcontext. Current. Request. servervariables ["remote_addr"];

In fact, the above Code only tries to use a layer-1 proxy with the user. if the user has a layer-2, layer-3 http_x_forwarded_for value is: "The real IP address of the Local Machine, layer-1 proxy IP address, layer-2 proxy IP address ,..... ", if the length of the IP field stored in your data is very small (15 bytes), the database reports an error.

In practice, there are few users who use multi-layer transparent proxy.

In other applications, more and more websites are using proxy acceleration methods, such as Sina and Sohu news.
Squid is used as a proxy to distribute traffic among multiple servers. Squid itself is similar to a transparent proxy and will send "http_x_forwarded_for"
, Http_x_forwarded_for includes the customer's IP address. If the customer has used a layer of transparent proxyProgramRetrieved
"Http_x_forwarded_for" includes two IP addresses. (I have encountered 3 IP addresses and 4 have not)

Therefore, to obtain the "real" IP address, you should also determine whether "," comma "exists in" http_x_forwarded_for ", or whether the length is too long (more than 15 bytes of XXX. XXX ).

6. /**//// <Summary>
8. /// Obtain the real IP address of the client. If a proxy exists, the first non-Intranet address is used.
10. /// </Summary>
12. Public Static StringIPaddress
14. {
16. Get
18. {
20. StringResult = string. empty;
22. Result = httpcontext. Current. Request. servervariables ["Http_x_forwarded_for"];
24. If(Result! =Null& Result! = String. Empty)
26. {
28. // A proxy may exist.
30. If(Result. indexof (".") =-1)// No "." is definitely not in IPv4 format
32. Result =Null;
34. Else
36. {
38. If(Result. indexof (",")! =-1)
40. {
42. // There are ",", multiple proxies are estimated. Obtain the first IP address that is not an intranet IP address.
44. Result = result. Replace ("",""). Replace (""","");
46. String[] Temparyip = result. Split (",;". Tochararray ());
48. For(IntI = 0; I <temparyip. length; I ++)
50. {
52. If(Text. isipaddress (temparyip [I])
54. & Temparyip [I]. substring (0, 3 )! ="10 ."
56. & Temparyip [I]. substring (0, 7 )! ="192.168"
58. & Temparyip [I]. substring (0, 7 )! ="172.16 .")
60. {
62. ReturnTemparyip [I];// Locate an address that is not an intranet address
64. }
66. }
68. }
70. Else If(Text. isipaddress (result ))// The proxy is in the IP Format
72. ReturnResult;
74. Else
76. Result =Null;// The content in the proxy is not an IP address, and the IP address is used
78. }
80. }
82. StringIPaddress = (httpcontext. Current. Request. servervariables ["Http_x_forwarded_for"]! =Null& Httpcontext. Current. Request. servervariables ["Http_x_forwarded_for"]! = String. Empty )? Httpcontext. Current. Request. servervariables ["Http_x_forwarded_for"]: Httpcontext. Current. Request. servervariables ["Remote_addr"];
84. If(Null= Result | result = string. Empty)
86. Result = httpcontext. Current. Request. servervariables ["Remote_addr"];
88. If(Result =Null| Result = string. Empty)
90. Result = httpcontext. Current. Request. userhostaddress;
92. ReturnResult;
94. }
    
101. Differences between the three attributes for obtaining the user IP address (http_x_forwarded_for, http_via, remote_addr)

     I. No proxy server is used:

     Remote_addr = your IP address
     Http_via = no value or no display
     Http_x_forwarded_for = no value or no display

     Ii. Transparent proxy server: transparent proxies

     Remote_addr = IP address of the last Proxy Server
     Http_via = Proxy Server IP Address
     Http_x_forwarded_for = your real IP address. When multiple proxy servers are used, this value is similar to the following: 203.98.1820.3, 203.98.1820.3, 203.129.72.215.

     This type of proxy server still forwards your information to your access object, which cannot hide your real identity.

     Iii. Normal anonymous proxy server: anonymous proxies

     Remote_addr = IP address of the last Proxy Server
     Http_via = Proxy Server IP Address
     Http_x_forwarded_for = Proxy Server IP address. When multiple proxy servers are used, this value is similar to the following: 203.98.1820.3, 203.98.1820.3, 203.129.72.215.

     Your real IP address is hidden, but you are disclosed to the access object that you use the proxy server to access them.

     Iv. destorting proxies

     Remote_addr = Proxy Server IP Address
     Http_via = Proxy Server IP Address
     Http_x_forwarded_for = random IP address. When multiple proxy servers are used, the value is as follows: 203.98.182.163, 203.98.182.163, 203.129.72.215.

     It tells the access object that you used the proxy server, but fabricated a false random IP address instead of your real IP address to cheat it.

     5. High anonymity proxies (elite proxies)

     Remote_addr = Proxy Server IP Address
     Http_via = no value or no display
     Http_x_forwarded_for = no value or no value is displayed. When multiple proxy servers are used, the value is similar to the following: 203.98.182.163, 203.98.182.163, 203.129.72.215.

     The proxy server information replaces all your information, just as you directly access the object using the proxy server.

I. No proxy server is used:

Remote_addr = your IP address
Http_via = no value or no display
Http_x_forwarded_for = no value or no display

Ii. Transparent proxy server: transparent proxies

Remote_addr = IP address of the last Proxy Server
Http_via = Proxy Server IP Address
Http_x_forwarded_for = your real IP address. When multiple proxy servers are used, this value is similar to the following: 203.98.1820.3, 203.98.1820.3, 203.129.72.215.

This type of proxy server still forwards your information to your access object, which cannot hide your real identity.

Iii. Normal anonymous proxy server: anonymous proxies

Remote_addr = IP address of the last Proxy Server
Http_via = Proxy Server IP Address
Http_x_forwarded_for = Proxy Server IP address. When multiple proxy servers are used, this value is similar to the following: 203.98.1820.3, 203.98.1820.3, 203.129.72.215.

Your real IP address is hidden, but you are disclosed to the access object that you use the proxy server to access them.

Iv. destorting proxies

Remote_addr = Proxy Server IP Address
Http_via = Proxy Server IP Address
Http_x_forwarded_for = random IP address. When multiple proxy servers are used, the value is as follows: 203.98.182.163, 203.98.182.163, 203.129.72.215.

It tells the access object that you used the proxy server, but fabricated a false random IP address instead of your real IP address to cheat it.

5. High anonymity proxies (elite proxies)

Remote_addr = Proxy Server IP Address
Http_via = no value or no display
Http_x_forwarded_for = no value or no value is displayed. When multiple proxy servers are used, the value is similar to the following: 203.98.182.163, 203.98.182.163, 203.129.72.215.

The proxy server information replaces all your information, just as you directly access the object using the proxy server.