On 2003.07.19, Nathan Folkman <[EMAIL PROTECTED]> wrote: > Actually I think Dossy is proposing to add a new arg to the ns_conn > command, and not changing the current behavior of "ns_conn peeraddr" in > order to keep backwards compatibility. I believe the proposal was to add > something like "ns_conn clientaddr". Dossy, please correct me if I'm wrong.
Nate, while you and I were talking, Gustaf actually suggested exactly the same thing to the mailing list in an previous email. At this point, does anyone see a problem with "ns_conn clientaddr"? Obviously, forgery of the X-Forwarded-For header is going to be an issue. Configuring an optional whitelist of peeraddrs to trust would be neat (only look for the X-Forwarded-For header if the peeraddr belongs to a list of IPs). I think this should be implemented, but I'm not sure exactly how useful it will be. -- Dossy -- Dossy Shiobara mail: [EMAIL PROTECTED] Panoptic Computer Network web: http://www.panoptic.com/ "He realized the fastest way to change is to laugh at your own folly -- then you can let go and quickly move on." (p. 70) -- AOLserver - http://www.aolserver.com/ To Remove yourself from this list, simply send an email to <[EMAIL PROTECTED]> with the body of "SIGNOFF AOLSERVER" in the email message. You can leave the Subject: field of your email blank.
