My Linux server is behind a router/firewall doing NAT. I have a page that accepts requests, and the only valid originators of that request are on the local network (actually they happen to be on the same box currently), also behind the router. However, the AOLserver serving that page also does other stuff and therefore is accessible from the Internet - the NAT router forwards the requests.
I realize it's not particularly good security design, but at least for the initial version of this page it would be awfully convenient if I could simply trust all requests originating on the LAN, and deny any and all requests coming in from the router. In this case, is it safe to trust the value of [ns_conn peeraddr]? Or could a client outside the router somehow spoof the peer address to make it look like the request is coming from a machine on my LAN?

Hm, alternately, maybe I should have my AOLserver listen on a second IP address which is ONLY accessible from my LAN?

-- Andrew Piskorski <[EMAIL PROTECTED]> http://www.piskorski.com
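The peer-address check the post describes, written as an AOLserver preauth filter; this is an added example, not part of the original message and not AOLserver project code. It assumes Tcl 8.4 or later, and the LAN range `192.168.1.0/24`, router address `192.168.1.1`, URL pattern `/internal/*` and the proc names are all hypothetical. The filter is only as strong as the network in front of it: it assumes the router drops packets arriving on its WAN side with LAN source addresses.

```tcl
# Added example; addresses and URL pattern below are hypothetical.
# Parse dotted-quad IPv4 into an integer; "" if malformed (fail closed).
proc ip_to_int {ip} {
    if {![regexp {^(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})$} $ip -> a b c d]} {
        return ""
    }
    set n 0
    foreach octet [list $a $b $c $d] {
        scan $octet %d v           ;# %d avoids octal parsing of "010"
        if {$v > 255} { return "" }
        set n [expr {wide($n) * 256 + $v}]
    }
    return $n
}

# True if $ip lies inside $cidr (e.g. 192.168.1.0/24).
proc ip_in_cidr {ip cidr} {
    if {![regexp {^([0-9.]+)/(\d{1,2})$} $cidr -> net bits]} { return 0 }
    scan $bits %d bits
    set a [ip_to_int $ip]
    set n [ip_to_int $net]
    if {$a eq "" || $n eq "" || $bits > 32} { return 0 }
    set shift [expr {32 - $bits}]
    return [expr {($a >> $shift) == ($n >> $shift)}]
}

# preauth filter: allow LAN/loopback peers, reject everything else with 403.
# "args" absorbs the connection id / "why" arguments, which vary by version.
proc lan_only_filter {args} {
    set allowed {127.0.0.0/8 192.168.1.0/24}   ;# assumed loopback + LAN
    set router  192.168.1.1                    ;# assumed router LAN address
    set peer [ns_conn peeraddr]
    # If the router source-NATs forwarded traffic, Internet clients show up
    # with the router's LAN address, so it is never treated as trusted.
    if {$peer ne $router} {
        foreach cidr $allowed {
            if {[ip_in_cidr $peer $cidr]} { return filter_ok }
        }
    }
    ns_log Warning "lan_only_filter: denied [ns_conn url] from $peer"
    ns_returnforbidden
    return filter_return
}

ns_register_filter preauth GET  /internal/* lan_only_filter
ns_register_filter preauth POST /internal/* lan_only_filter
```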
