thanks. the accepted ips don't need to be db based. the notion is that you can trivially ensure that a request is through your gateway and doesn't have spoofed headers if the application recognizes both a the ip of the server and a secret that only those ips would know.
for example, you would configure nginx working as a load balancer onto 4 machines in round-robin style... and have it add a header of "(QU#EKJHADS" to each request. so long as your app recognizes the header and the ip, it processes it as normal. otherwise, its either a spoof or some local traffic that you don't want to code for. -- You received this message because you are subscribed to the Google Groups "pylons-discuss" group. To post to this group, send email to [email protected]. To unsubscribe from this group, send email to [email protected]. For more options, visit this group at http://groups.google.com/group/pylons-discuss?hl=en.
