Given an X-Forwarded-For header with value "10.0.0.12, 192.168.1.234", the first value, "10.0.0.12", could have been supplied by the client and therefore spoofed. You can test this yourself quite easily in Chrome by installing the X-Forwarded-For extension and spoofing the IP to any value you want.
You want the last IP, "192.168.1.234".
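One way to apply this on the server side, as an added example that is not part of the original text: the function name and the `peer_ip` and `trusted_hops` parameters are assumptions of this sketch. It generalizes "take the last IP" to a chain of several proxies you operate, each of which appends the address it saw, and falls back to the TCP peer address when the header is missing or malformed.

```python
import ipaddress


def client_ip_from_xff(header_values, peer_ip, trusted_hops=1):
    """Pick the client address from X-Forwarded-For, counting from the right.

    header_values: every X-Forwarded-For header line received, in order.
    peer_ip:       address of the TCP peer connected to this server.
    trusted_hops:  number of proxies you operate that append to the header
                   (assumption of this example; the case in the text is 1).
    """
    # Several header lines are equivalent to one comma-joined list.
    entries = [
        part.strip()
        for value in header_values
        for part in value.split(",")
        if part.strip()
    ]
    if trusted_hops < 1 or len(entries) < trusted_hops:
        # Header absent or shorter than our own proxy chain: ignore it.
        return peer_ip
    # Everything to the left of this entry may have been sent by the client.
    candidate = entries[-trusted_hops]
    try:
        return str(ipaddress.ip_address(candidate))
    except ValueError:
        # Not a bare IP literal (garbage, hostname, "ip:port"): ignore it.
        return peer_ip


if __name__ == "__main__":
    # Constructed sample requests; 172.16.0.1 stands in for the proxy's address.
    samples = [
        (["10.0.0.12, 192.168.1.234"], 1),             # value from the text
        (["10.0.0.12", "192.168.1.234"], 1),           # split over two lines
        (["10.0.0.12, <script>"], 1),                  # malformed last entry
        (["1.2.3.4, 10.0.0.12, 192.168.1.234"], 2),    # two trusted proxies
    ]
    for values, hops in samples:
        print(values, hops, "->", client_ip_from_xff(values, "172.16.0.1", hops))
```
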