X-Forwarded-For

system · October 23, 2023, 3:29pm

The originating IP address of a client request.

Fastly reads this header from requests and writes it into requests. It is defined by an external standard.

This is a companion discussion topic for the original entry at https://developer.fastly.com/reference/http/http-headers/x-forwarded-for

triblondon · October 24, 2023, 12:18pm

Summarising the table above it seems like the X-Forwarded-For header received by the origin server is made up of:

{clientValue}, {clientIP}, {edgeIP}

Where:

{clientValue} is the value of any existing X-Forwarded-For header present on the request when it is received by Fastly. If present, this is always preserved
{clientIP} is the IP address of the client as seen by Fastly. This is added if the client connects to Fastly over TLS.
{edgeIP} is the IP address of the Fastly server that initially handles the request. This is only added if the client connects to Fastly over TLS, and Fastly connects to the origin over TLS, and shielding is enabled.

The most likely scenario seems to be that most Fastly services will forward an XFF header to origin with one value in it, which will be the client IP.

acme · October 24, 2023, 6:51pm

The most common problem I’ve noticed with this header is origin server software assuming it only contains a single IP address.

Topic		Replies	Views
Missing response packets for HTTPS+IPv6 requests Network Services	2	629	June 7, 2023
Create Backend with ssl but not verify certificate General	1	331	October 27, 2023
Fastly Deliver response code 421 General	1	55	April 30, 2024
Feature Request: SVCB DNS records Network Services	3	567	June 22, 2023
Host Configuration: Advanced options -> Error threshold Network Services edge	3	658	May 12, 2023

X-Forwarded-For

Related Topics