How do I record real client IP address when HTTP Header is spoofed by “X-Forward-For
I’ve got the problem of HTTP_X_FORWARDED_FOR Spoofing. As you know there are many way to do such as using “X-Forward-For Spoofer” etc.
The only one way to do now is using “REMOTE_ADDR”. It’s the best variable now but limitation is indicates only the last device whether Firewall or Proxy server.
Somebody has an ides please tell me. Thank you.
PS. I apologize for my English. If I wrote something rude, please for give me.