Also, not sure how I match an entry in an Apache log to an individual
user putting a transaction through the application.  so if I have
thousands of users a day, how do I know which is which IP?

Ann

Todd Lyons wrote:
> On Thu, Jul 5, 2012 at 6:39 PM, Randall Whitman <909li...@whizman.com> wrote:
>   
>>>    Any way to "capture" the ip address from the http request or something
>>>    like that?  It is a java application running under tomcat with apache as
>>>    the web server.
>>>       
>> By default, the client IP address is the first field of the Apache
>> access log file.  A clever attacker will spoof it, else use a
>> compromised botnet rather than one's own machines.
>>     
>
> I'll nitpick a little here.  You can't spoof the endpoint of a valid
> TCP connection.  They may proxy it through some open proxy, but it
> will be the IP of the proxy, and most proxies, even open proxies, will
> add a HTTP header that indicates what IP it's proxying for.
>
> ...Todd
>   

-- 
Ann Richmond
----------------
Randr Inc
951-369-3427
951-787-8683 Fax
www.randrinc.com

_______________________________________________
LinuxUsers mailing list
LinuxUsers@socallinux.org
http://socallinux.org/cgi-bin/mailman/listinfo/linuxusers

Reply via email to