How does Sqreen find the IP address of an HTTP request?


Requests can be redirected through multiple pieces of equipment, which may make CLIENT_IP an unreliable source for the actual client IP. To solve that, multiple HTTP headers were introduced.

Due to the lack of a standard, there are multiple competing headers. Sqreen goes through the following and stops at the first valid header it finds:

X-FORWARDED-FOR
X-CLIENT-IP
X-REAL-IP
X-FORWARDED
X-CLUSTER-CLIENT-IP
FORWARDED-FOR
FORWARDED
VIA

For each such header, Sqreen goes through the IPs from the oldest (first) to the newest (last), looking for a non-local, non-private IP address.

Once one is found, it is returned.

If no suitable HTTP header or IP address is found, Sqreen will use the IP address of the remote host.
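
The lookup described above, sketched in Python as an added example (not Sqreen's own code). The function names, the tokenizing of header values, the exact set of ranges treated as local or private, and moving on to the next header when one holds no public address are all assumptions; sample addresses are constructed.

```python
import ipaddress

# Header order as listed above.
HEADERS = ["X-FORWARDED-FOR", "X-CLIENT-IP", "X-REAL-IP", "X-FORWARDED",
           "X-CLUSTER-CLIENT-IP", "FORWARDED-FOR", "FORWARDED", "VIA"]

# Assumed definition of "local or private"; the page does not list the ranges.
NON_PUBLIC = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",  # RFC 1918 private
    "127.0.0.0/8", "169.254.0.0/16",                  # loopback, link-local
    "::1/128", "fe80::/10", "fc00::/7",               # IPv6 equivalents
)]

def parse_ip(token):
    """Return an ip_address for one list element, or None if it is not an IP."""
    token = token.strip()
    for part in token.split(";"):            # RFC 7239 style: for=...;proto=...
        if part.strip().lower().startswith("for="):
            token = part.strip()[4:]
    token = token.strip('"')
    if token.startswith("["):                # "[2001:db8::17]:4711" -> address only
        token = token[1:].split("]", 1)[0]
    elif token.count(":") == 1:              # "203.0.113.7:51234" -> drop the port
        token = token.split(":", 1)[0]
    try:
        return ipaddress.ip_address(token)
    except ValueError:
        return None                          # hostnames, "unknown", garbage

def is_public(ip):
    return not any(ip in net for net in NON_PUBLIC)

def client_ip(headers, remote_addr):
    """headers: dict of header name -> raw value; remote_addr: socket peer address."""
    normalized = {name.upper(): value for name, value in headers.items()}
    for name in HEADERS:
        value = normalized.get(name)
        if not value:
            continue
        for token in value.split(","):       # oldest (first) to newest (last)
            ip = parse_ip(token)
            if ip is not None and is_public(ip):
                return str(ip)
    return remote_addr                       # no suitable header or address found
```

Every header in the list is supplied by whoever sends or relays the request, so the returned address is only as reliable as the proxies in front of the application.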