"Lad" <[EMAIL PROTECTED]> wrote: >Fredrik Lundh wrote: >> Lad wrote: >> >> > Normaly I can log user's IP address using os.environ["REMOTE_ADDR"] . >> > If a user is behind a proxy, I will log proxy's IP address only. >> > Is there a way how to find a real IP user's address? >> >> os.environ["HTTP_X_FORWARDED_FOR"] >> >> (but that can easily be spoofed, and is mostly meaningless if the user >> uses local IP addresses at the other side of the proxy, so you should >> use it with care) >> >Hello Fredrik, >Thank you for your reply. >How can be HTTP_X_FORWARDED_FOR easily spoofed? I thought that IP >address is not possible change.
No, but HTTP headers are just text. A client can put whatever it wants in them. -- - Tim Roberts, [EMAIL PROTECTED] Providenza & Boekelheide, Inc. -- http://mail.python.org/mailman/listinfo/python-list
