We're using APEX 4.2.1. I've configured APEX to recognise the X-Forwarded-For header so I can use owa_util.get_cgi_env ('X-Forwarded-For') when available to get the IP address of the client. Does APEX provide a safer way to access this header?
In the APEX Instance Security configuration settings you can specify a comma separated list of proxy servers. This works fine for internal APEX logs, but how do I tap into this in my apps?
What I'm looking for is a function that returns the X-Forwarded-For header when the client IP is in the proxy list or otherwise it returns the REMOTE_ADDR header, without having to maintain a list of trusted proxy IP's elsewhere. I don't want the two sources to inadvertently get out of sync.