On Friday, 08/16/2002 at 09:14 AST, "Yan, Hong [IT]" <[EMAIL PROTECTED]> wrote: > What I am trying to do, is actually the contrary: > > I need to determine whether that my user is using a proxy farm. Because I > know that the IP in the http header is that of the proxy, so I think I > should be able to detect if this IP is changing in a user session. If it is, > the user is behind a proxy farm. Of course, if I do not see it changing, I > can not reach any conclusion. > > If you see a flaw in the above algorithm, please kindly let me know.
What do you mean by "user session"? ...javax.servlet.http.HttpSession? ...or something less formalized? Why (if you can share) do you need to know whether a user is behind a proxy farm? Is it for session management? (If so, a little googling found this interesting hit: http://www.javaworld.com/javaworld/jw-12-2000/jw-1221-servlets.html on the search phrase "session proxy java servlet".) Other respondents have made it pretty clear that any "true" IP address (of a machine behind a proxy/firewall) would be useless as a *communications* parameter, even if it were available. (It's value as part of a session identifier, OTOH, is another issue.) Regarding your algorithm, consider this question: Is there a scenario where the address could change, even if the user was *not* behind a proxy farm? <i-am-blind> Suppose, for the sake of argument, that a unique session identifier was encoded in the URL. (I have no idea whether this is how it's done.) A user starts a "session" on machine X, copies the encoded URL and sends it to himself on machine Y, where he pastes it into the browser prompt. Your algorithm would detect the address change and cry "proxy farm" when there is none. </i-am-blind> -blair "Jazz isn't dead. It just smells funny." -- Frank Zappa To change your membership options, refer to: http://www.sys-con.com/java/list.cfm
