[jira] [Commented] (ROL-2004) OpenOffice Blog: In comments only the IP address of the proxy host (erebus) is displayed

Mon, 26 May 2014 10:34:28 -0700 

    [ 
https://issues.apache.org/jira/browse/ROL-2004?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14008969#comment-14008969
 ] 

Glen Mazza commented on ROL-2004:
---------------------------------

Are you sure this is an Apache Roller issue (something the software can fix) 
and not an ASF Infra one?

I don't know if there is anything Roller can do here.  If the Roller software 
gets the Proxy Host IP instead of the real one, I'm not sure if it is 
additionally supplied the real sender IP address, would that not defeat the 
purpose(s) of a proxy host (anonymity of the caller and/or the security that an 
application always returns through the proxy and not the request IP address)?

What if the "sender IP address" was another proxy server itself?  Would you 
expect *that* proxy server to also forward on the original sender IP address?  
I'm far from a proxy server expert but you seem to be describing some pretty 
non-secure, easy-going proxy servers.  :)


> OpenOffice Blog: In comments only the IP address of the proxy host (erebus) 
> is displayed
> ----------------------------------------------------------------------------------------
>
>                 Key: ROL-2004
>                 URL: https://issues.apache.org/jira/browse/ROL-2004
>             Project: Apache Roller
>          Issue Type: Bug
>          Components: Comments
>    Affects Versions: 5.0.3
>            Reporter: Marcus
>            Assignee: Roller Unassigned
>
> *Issue behavior:*
> https://blogs.apache.org/OOo/
> In blog comments only the following IP address is shown. So, it looks like as 
> if every comment is coming from this host:
> $ host 140.211.11.74
> 74.11.211.140.in-addr.arpa domain name pointer erebus-ssl.apache.org.
> *Expected solution:*
> Please show the sender IP address and not the one from the proxy host.
> *Benefit:*
> In order to fight against spam in blog comments it would be very helpful to 
> show the real IP address from the sender.
> Of course I know that this can be manipulated, too, and then even this is not 
> the real IP address. However, it would a good piece of help for decision 
> making --> spam or no spam.



--
This message was sent by Atlassian JIRA
(v6.2#6252)

Reply via email to