"Lad" <[EMAIL PROTECTED]> wrote:
>Fredrik Lundh wrote:
>> Lad wrote:
>>
>> > Normaly I can log user's IP address using os.environ["REMOTE_ADDR"] .
>> > If a user  is behind a proxy, I will log  proxy's IP address only.
>> > Is there a way how to find a real IP user's address?
>>
>> os.environ["HTTP_X_FORWARDED_FOR"]
>>
>> (but that can easily be spoofed, and is mostly meaningless if the user
>> uses local IP addresses at the other side of the proxy, so you should
>> use it with care)
>>
>Hello Fredrik,
>Thank you for your reply.
>How can be HTTP_X_FORWARDED_FOR easily  spoofed? I thought that  IP
>address is not possible change.

No, but HTTP headers are just text.  A client can put whatever it wants in
them.
-- 
- Tim Roberts, [EMAIL PROTECTED]
  Providenza & Boekelheide, Inc.
-- 
http://mail.python.org/mailman/listinfo/python-list

Reply via email to