Hi all.
This is my first post on this forum, so please bear with me.
I've got a question concerning the headers sent by the client accessing your page. I have found there are several variables accessible in PHP:
$_SERVER['REMOTE_ADDR'] (which should not be determined by any HTTP headers, but by the web server reading the TCP/IP headers, right?)
$_SERVER['HTTP_VIA'] (which will be filled if there is a transparent proxy)
the above are pretty clear and cause no problems. But when you continue to search for headers that can possibly be sent by a client (may it be a proxy or not), it's getting very confusing:
$_SERVER['HTTP_X_FORWARDED_FOR']
$_SERVER['HTTP_CLIENT_IP']
$_SERVER['HTTP_PROXY_CONNECTION']
$_SERVER['FORWARDED_FOR']
$_SERVER['X_FORWARDED_FOR']
$_SERVER['X_HTTP_FORWARDED_FOR']
$_SERVER['HTTP_FORWARDED']
I mean, they all seem to denote the SAME thing. Why use SEVEN different headers for that? Were the guys who wrote the RFCs bored? Why confuse people with so much possible headers, when it could be in ONE SINGLE header?
Apparently this is not a PHP problem, since PHP just fills these variables by reading the HTTP header lines (X-Forwarded-for: , X-Forwarded: , ...) sent by the client.
I have googled for all of those, but opinions seem to differ on what header line should be taken into account and what header line shouldn't.
So,
1) Why are there so many possible headers? Are some of them obsolete?
2) What is the difference between those headers with a 'X' and those which lack the 'X'?
3) What is the difference between "FORWARDED_FOR" and just "FORWARDED"?
Any help would be appreciated
Thank you.