Toby Dickenson wrote:
>On Wed, 10 Apr 2002 12:16:35 -0400, Jim Washington <[EMAIL PROTECTED]>
>wrote:
>
>>2. If we want to get fancy about allowing authentication using that ip
>>address like naked ZServers can do,
>>
>
>>to
>>
>>if request.has_key('HTTP_X_FORWARDED_FOR'):
>> addr=request[
>
>
>>Correct me if I'm wrong, but this IMO makes spoofing against a naked
>>ZServer a childs play. It's just adding a custom header to the request.
>>I also doubt that every reverse proxy overwrites this header, so
>>zservers behind a proxy might also be hit.
>>
>
>Note: this is using another