ip-address, request-headers, x-forwarded-for

How to get OriginatingClientIPAddress from headers?


How can I auto-read X-Forwarded-For from the header without asking the permissions?

The problem I'm facing right now is that users are hitting my website through a third-party server; as a result, when I request the IP I'm getting the IP of the proxy server, not the original client's IP. I can get it from the x-forwarded-for field, but how do I get it without the x-forwarded-for field?


Solution

  • What you are asking for is a well-established way of performing denial-of-service attacks.

    Changing the IP of the request from your third-party server won't help you, because then you won't be able to get a response from your website, as your website would then send the response to the IP from where the request originated (to the website).

    That being said, you have to use the x-forwarded-for field, and as a matter of fact that's the sole reason for this header to exist.


    SOLUTION

    When the third party server receives a request (original) you need to set the x-forwarded-for header of the new request (generated) to that of the IP of the (original) request. So when you send the (generated) request to your website, use the x-forwarded-for header to collect the IP of the (original) request.

    Hope that made sense :)
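
The website side of the scheme described in the answer, as an added example that is not part of the original answer: it reads X-Forwarded-For only when the connection comes from the known proxy, since a direct client can put any value in that header. The proxy range (a documentation range, constructed) and the function names are assumptions.

```python
import ipaddress

# Assumption: addresses of the third-party proxy servers allowed to set
# X-Forwarded-For (constructed documentation range, replace with your own).
TRUSTED_PROXIES = [ipaddress.ip_network("203.0.113.0/24")]


def _is_trusted(addr):
    return any(addr in net for net in TRUSTED_PROXIES)


def _parse(value):
    """Return an ip_address object, or None for anything that is not an IP."""
    try:
        return ipaddress.ip_address(value.strip())
    except ValueError:
        return None


def client_ip(peer_addr, xff_header):
    """Resolve the originating client IP for one request.

    peer_addr  -- address of the TCP peer (the proxy, or a direct client)
    xff_header -- raw X-Forwarded-For value, or None if absent
    """
    peer = _parse(peer_addr)
    if peer is None:
        raise ValueError("invalid peer address")
    # A direct client can send any X-Forwarded-For it likes, so the header
    # is only honoured when the connection comes from a trusted proxy.
    if not _is_trusted(peer) or not xff_header:
        return str(peer)
    # Each proxy appends the address it received the request from, so walk
    # right to left and stop at the first hop that is not a trusted proxy.
    for entry in reversed(xff_header.split(",")):
        hop = _parse(entry)
        if hop is None:
            break  # malformed entry: stop trusting the chain
        if not _is_trusted(hop):
            return str(hop)
    return str(peer)  # nothing usable in the header: use the connection address
```
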