Menu
▾
▴
Re: [Wonder-disc] ERXRequest.remoteHostAddress with rewrite / proxy
|
From: André K. <ko...@ma...> - 2010-10-27 22:53:39
|
The first ip in the array should be always the origin ip of the client. I will make a separate method to handle this. Thanks for your feedback, André Am 27.10.2010 um 19:57 schrieb Mike Schrag: > also X-Forwarded-For can also be an array of values > > On Oct 27, 2010, at 1:48 PM, Ramsey Gurley wrote: > >> Yeah, after reading: >> >> "Just logging the X-Forwarded-For header is not always enough as the >> last proxy IP in a chain is not contained within the X-Forwarded-For >> header, it is in the actual IP header. A web server should log BOTH >> the request's source IP and the X-Forwarded-For header information for >> completeness." >> >> from the wikipedia, it sounds like ERXRequest's method is doing the >> correct thing. I would guess André just needs a new method to get the >> X-Forwarded-For info and parse that IP separate from the request IP. >> >> Ramsey >> >> On Oct 27, 2010, at 1:34 PM, Mike Schrag wrote: >> >>> btw, you should be very careful with X-Forwarded-For. you can't >>> trust that value because any user can fake it ... >>> >>> On Oct 27, 2010, at 11:16 AM, André Koppany wrote: >>> >>>> Yes I know. Did also google already for this. :-) >>>> >>>> The base question is what "remoteHostAddress" means in the context >>>> of ERXRequest. >>>> Is it in the meaning of the browser client ip address or the ip >>>> which the wo app get the request from >>>> (this case its the proxy). >>>> >>>> Maybe its important to clearify this first before commiting a patch. >>>> >>>> best, >>>> André >>>> >>>> Am 27.10.2010 um 16:01 schrieb Ramsey Gurley: >>>> >>>>> >>>>> On Oct 27, 2010, at 7:33 AM, André Koppany wrote: >>>>> >>>>>> hi, >>>>>> >>>>>> I was wondering why I get always the server ip address for >>>>>> ERXRequest.remoteHostAddress() in my deployment. >>>>>> >>>>>> After debugging it seems that after a rewriting the request >>>>>> through apache, >>>>>> the remoteHostAdress will be set to the apaches one. >>>>>> >>>>>> If I need the real client remote address I have to get it from the >>>>>> "x-forwarded-for" entry of the http request headers. >>>>>> >>>>>> Maybe this could be also a problem for other developers in >>>>>> deployment and >>>>>> the remoteHostAdress() method should first check this header >>>>>> entry and then >>>>>> return the remoteHostAdress value. >>>>>> >>>>>> Or I am totaly wrong and there is already another method >>>>>> available which checks this >>>>>> special case and returns the right value? >>>>>> >>>>>> best, >>>>>> André >>>>> >>>>> Reading the info found on wikipedia >>>>> >>>>> http://en.wikipedia.org/wiki/X-Forwarded-For >>>>> >>>>> it sounds like your users are coming in from behind a proxy. >>>>> There are no checks for this in ERXRequest currently. Perhaps you >>>>> could file a JIRA, and maybe a patch if you work something out? >>>>> >>>>> Thanks for the info André, >>>>> >>>>> Ramsey >>>> >>>> André Koppany >>>> IT-Services >>>> >>>> mackoyCONSULTING >>>> Schloss Seefeld | Hochschloss >>>> 82229 Seefeld >>>> Tel. +49 (0)8152/92989-81 >>>> Fax +49 (0)8152/92989-89 >>>> >>>> ko...@ma... >>>> www.mackoy.de >>>> >>>> >>>> >>>> >>>> >>>> >>>> >>>> >>>> >>>> >>>> >>>> >>>> ------------------------------------------------------------------------------ >>>> Nokia and AT&T present the 2010 Calling All Innovators-North >>>> America contest >>>> Create new apps & games for the Nokia N8 for consumers in U.S. and >>>> Canada >>>> $10 million total in prizes - $4M cash, 500 devices, nearly $6M in >>>> marketing >>>> Develop with Nokia Qt SDK, Web Runtime, or Java and Publish to Ovi >>>> Store >>>> http://p.sf.net/sfu/nokia-dev2dev_______________________________________________ >>>> Wonder-disc mailing list >>>> Won...@li... >>>> https://lists.sourceforge.net/lists/listinfo/wonder-disc >>> >> >> >> ------------------------------------------------------------------------------ >> Nokia and AT&T present the 2010 Calling All Innovators-North America contest >> Create new apps & games for the Nokia N8 for consumers in U.S. and Canada >> $10 million total in prizes - $4M cash, 500 devices, nearly $6M in marketing >> Develop with Nokia Qt SDK, Web Runtime, or Java and Publish to Ovi Store >> http://p.sf.net/sfu/nokia-dev2dev >> _______________________________________________ >> Wonder-disc mailing list >> Won...@li... >> https://lists.sourceforge.net/lists/listinfo/wonder-disc > > > ------------------------------------------------------------------------------ > Nokia and AT&T present the 2010 Calling All Innovators-North America contest > Create new apps & games for the Nokia N8 for consumers in U.S. and Canada > $10 million total in prizes - $4M cash, 500 devices, nearly $6M in marketing > Develop with Nokia Qt SDK, Web Runtime, or Java and Publish to Ovi Store > http://p.sf.net/sfu/nokia-dev2dev > _______________________________________________ > Wonder-disc mailing list > Won...@li... > https://lists.sourceforge.net/lists/listinfo/wonder-disc André Koppany IT-Services mackoyCONSULTING Enzianstrasse 4 D-82319 Starnberg Tel. +49 (0)8152/92989-81 Fax +49 (0)8152/92989-89 ko...@ma... www.mackoy.de |