On Thu, Jul 5, 2012 at 6:39 PM, Randall Whitman <909li...@whizman.com> wrote: >> Any way to "capture" the ip address from the http request or something >> like that? It is a java application running under tomcat with apache as >> the web server. > By default, the client IP address is the first field of the Apache > access log file. A clever attacker will spoof it, else use a > compromised botnet rather than one's own machines.
I'll nitpick a little here. You can't spoof the endpoint of a valid TCP connection. They may proxy it through some open proxy, but it will be the IP of the proxy, and most proxies, even open proxies, will add a HTTP header that indicates what IP it's proxying for. ...Todd -- The total budget at all receivers for solving senders' problems is $0. If you want them to accept your mail and manage it the way you want, send it the way the spec says to. --John Levine _______________________________________________ LinuxUsers mailing list LinuxUsers@socallinux.org http://socallinux.org/cgi-bin/mailman/listinfo/linuxusers
