[Catalyst-dev] Re: Catalyst::Engine::Apache X-Forwarded-* Handling
Andy Grundman
andy at hybridized.org
Thu May 24 05:31:49 GMT 2007
On May 23, 2007, at 11:46 PM, A. Pagaltzis wrote:
> * Andy Grundman <andy at hybridized.org> [2007-05-24 04:05]:
>> On May 23, 2007, at 8:49 PM, A. Pagaltzis wrote:
>>> * John Shields <johnmshields at gmail.com> [2007-05-24 02:10]:
>>>> My position with this patch is that the IP returned by
>>>> $c->req->address should be the closest thing to the browser
>>>> IP as possible.
>>>
>>> Sensible.
>>
>> No, you don't want to see 192.168.1.1, you want the real
>> address the user came from.
>
> … come again?
I'm not sure where the confusion is here. Let's say you want to do
GeoIP lookup on your visitors. How would this work if you got the
actual IP of the user who is using a Squid proxy on their LAN? You
want the IP of the system that visited the first trusted proxy in
your server farm.
It may be true that we need to do more than just taking the last IP
off the list (for those cases where you have more than 1 trusted
proxy) but this is most likely a rare situation. Anyway, the
proposed patch would not solve this problem, it would simply break
the way we currently handle X-Forwarded-For by taking an address/host
that is completely untrusted and may also be completely useless.
More information about the Catalyst-dev
mailing list