Toby Dickenson wrote:
On Wed, 10 Apr 2002 12:16:35 -0400, Jim Washington [EMAIL PROTECTED]
wrote:
2. If we want to get fancy about allowing authentication using that ip
address like naked ZServers can do,
to
if request.has_key('HTTP_X_FORWARDED_FOR'):
Correct me if I'm wrong, but this IMO makes spoofing against a naked
ZServer a childs play. It's just adding a custom header to the request.
I also doubt that every reverse proxy overwrites this header, so
zservers behind a proxy might also be hit.
Note: this is using another web server to