Jim Popovitch writes: > For the purpose of something like fail2ban all that is needed is > the IPaddr. Having all the others would be a "nice to have", but > would really drive up the patch size.
>From 10 lines to 20? I'd be more worried about the size of message or msgdata objects. > REMOTE_HOST is subject to swift changes, whereas REMOTE_ADDR is what > actually connected to the server. One you can bank on, the other is > always suspect, imo. Sure, and that's precisely why I'd want both. Rapid changes of REMOTE_HOST associated with the same REMOTE_ADDR would be a pretty clear sign that something bad is going on. On the other hand, bad guys typically have access to a bunch of IP addresses if they need them. I don't think REMOTE_ADDR is necessarily all that good a way to identify a miscreant. ------------------------------------------------------ Mailman-Users mailing list [email protected] https://mail.python.org/mailman/listinfo/mailman-users Mailman FAQ: http://wiki.list.org/x/AgA3 Security Policy: http://wiki.list.org/x/QIA9 Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/ Unsubscribe: https://mail.python.org/mailman/options/mailman-users/archive%40jab.org
