Neither of these headers are officially standardised. Therefore:
What is the difference between HTTP_CLIENT_IP and HTTP_X_FORWARDED_FOR?
- it is impossible to say. Different proxies may implement these, or may not. The implementations may vary from one proxy to the next, and they may not. A lack of a standard breeds question marks.
Why would one have different values than the other?
- See point 1. However, from a purely practical point of view, the only reason I can see for these having different values is if more than one proxy was involved - the X-Forwarded-For:
header might then contain a complete track of the forwarding chain, whereas the Client-IP:
header would contain the actual client IP. This is pure speculation, however.
Where can I find resources on the exact definition of these headers.
- You can't. See point 1.
There does seem to be some kind of de-facto standard regarding the X-Forwarded-For:
header, but given that there is no RFC that defines it this cannot be relied upon see comment below.
As a side note, the Client-IP:
header should by convention be X-Client-IP:
since it is a 'user-defined' header.
与恶龙缠斗过久,自身亦成为恶龙;凝视深渊过久,深渊将回以凝视…