On Tue, 26 Feb 2002, Jeff Gutierrez wrote: > Hi guys, > > 'Just need some suggestion on an issue I'm currently faced with. > > Our application uses an IP-based geotargetting software in enforcing > which parts of the world our service can only be accessed. We've had > a fair amount of success doing this.. but recently we found problems > relating to transparent proxies like NetApp NetCache, abd SQUID (most > likely, we had this problem before but we received complaints from our > customers juist recently). Apparently, SQUID, NetApp NetCache, and > other transparent proxies replace the REMOTE_ADDR header with the IP > of the the proxy. Furthermore, the proxy adds a couple of other X- > header entries like X-Forwarded-For, and X-Client-IP. We can handle > this issue in the application code, but it doesn't look consistent > with other transparent proxies.. there must be an elegant way of > handling this issue. > > Anybody know how this issue can be attacked?
What exactly do you want to attack? Determining the real source of the IP HTTP request? I don't think this is at all possible, and if you have a fair amount of success, it will not be total. At the very best you will be in a cat-and-mouse game of plugging up holes. Remember that in squid it is totally optional to insert an X-Forwarded-For, and X-Client-IP. If a client wants to be totally anonymous, he can configure his squid/firewall to function as such. _ Philippine Linux Users Group. Web site and archives at http://plug.linux.org.ph To leave: send "unsubscribe" in the body to [EMAIL PROTECTED] To subscribe to the Linux Newbies' List: send "subscribe" in the body to [EMAIL PROTECTED]
