8

I am developing a proxy and have been investigating the headers by looking at the W3 Guidelines. My proxy adds the incoming REMOTE-ADDR to the X-FORWARDED-FOR header but I'm not sure how this compares with the Via header. I've looked on the wikipedia page and this lists

Via: 1.0 fred, 1.1 example.com (Apache/1.1)

but I have not found any instructions as to how this should be built up.

Kara
  • 6,115
  • 16
  • 50
  • 57
Mr Wilde
  • 649
  • 8
  • 19

1 Answers1

11

They're both headers that indicate that content has passed through proxy, and it's fine to include both headers.

The Via header is for protocol version (so you know if connection has been downgraded at any point), hostname of proxy and optional product/version of the proxy (like User-Agent of the proxy). It's just for information/debugging or identifying and working around buggy proxies (e.g. if you wanted to use request pipelining you'd watch that space).

XFF is for forwarding original IP of the client to the server. If the server trusts the proxy (or chain of proxies) it can use it instead of connection's IP.

Kornel
  • 97,764
  • 37
  • 219
  • 309
  • So if I called my proxy MyProxy and it was version 1.0 but this had passed through the example above it would be Via: 1.0 fred, 1.1 example.com (Apache/1.1), 1.0 MyProxy – Mr Wilde Mar 06 '13 at 17:19
  • 2
    @MrWilde Sorry, I forgot that that field carries other information as well. So it'd be `Via: …, 1.1 mrwildesserver (MyProxy/1.0)` (where 1.1 is HTTP version you support). – Kornel Mar 06 '13 at 20:36