How to track multiple layered proxy IP

October 2, 2015 6:51 pm Published by Leave your thoughts

Technically speaking, finding a real IP of a proxy IP user is not difficult.

In the simplest situation, where a visitor uses a single proxy server to relay traffic to its final destination, the technical part of tracking the user down is easy. You simply need to analyze the proxy server logs, find the connection request to the target server and look at the source IP address.

However, you may encounter a visitor who uses multiple-layered proxies to spoof the IP.

maxresdefault

Nginx offers real_ip module. (real_ip_module is not packaged as defualt btw.)

http://nginx.org/en/docs/http/ngx_http_realip_module.html

Real_ip_module can detect even multiple-layered proxy IP, provided the proxy IP offers X-Forwarded-For header.

In order to protect yourself from IP spoof, and get real client IP, you need to enable real_ip_recursive and set known proxies using set_real_ip_from. Nginx will remove IPs matching known proxies and then use rightmost IP which is the real IP of the visitor you are tracking.

set_real_ip_from 127.0.0.1;
set_real_ip_from 192.168.2.1;
real_ip_header X-Forwarded-For;
real_ip_recursive on;

And an X-Forwarded-For header resulting in:

X-Forwarded-For: 123.123.123.123, 192.168.2.1, 127.0.0.1

Source : http://serverfault.com/questions/314574/nginx-real-ip-header-and-x-forwarded-for-seems-wrong/414166#414166

Tags: , ,

Categorized in:

This post was written by hackya

Leave a Reply

Your email address will not be published. Required fields are marked *