Article delegate-en/3058 of [1-5169] on the server localhost:119
  upper oldest olders older1 this newer1 newers latest
search
[Top/Up] [oldest] - [Older+chunk] - [Newer+chunk] - [newest + Check]
[Reference:<_A3057@delegate-en.ML_>]
Newsgroups: mail-lists.delegate-en

[DeleGate-En] Re: =?ISO-8859-1?Q?Hi,_from_mexico,_=BFDeleGate_can_do_it=3F?=
22 Aug 2005 21:38:24 GMT feedback@delegate.org (Yutaka Sato)
The DeleGate Project


In message <_A3057@delegate-en.ML_> on 08/22/05(07:36:57)
you TuXsOuL <p6efqbdyi-e6yerofurylr.ml@ml.delegate.org> wrote:
 |Hi, my name is mario, i'm from m蝌ico, i like DeleGate read few about,
 |is a cool project.
...
 |DeleGate work fine, very good, only have a question, view the log's of
 |server's, i can see:
 |
 |  domain1.com : "connection of 10.0.0.1"
 |
 |It's normal, but, DeleGate can send the real ip of client who request
 |data of web.
...
 |And domain1.com can see ip:"215.10.2.5"
 |
 |I don't know if DeleGate can do it, can you please help me explain me
 |if it's posible.

The server's log shows the source IP address of the host of the client
with which the TCP connection to the server is establised.  Thus the
address cannot be other than the address of the (last) proxy when it is
proxied.  It is inevitable with DeleGate or other proxy servers running
on the application protocol layer.

Imagine if it is possible, that is, if a proxy can set the souce IP
address of a TCP connection, you will so easily be able to spoof the IP
address of a client to escape the access control by the server, which
might restrict accesses from clients based on the IP address of clients.

Or imagine the situation where a HTTP is relayed through multiple proxies.
Or imagine the situation where the client has private IP address like
192.168.1.1 which has relayed with NAT or proxy.  Such IP address is not
unique thus you will not distinguish the originator client host anyway.


On the other hand, DeleGate can forward the IP address of host name of
the client to server in the application layer, that is, in the header
of the HTTP request message.  For example, in "Forwarded" or
"X-Forwarded-For" with command line options:
 
  HTTPCONF="add-qhead:Forwarded: by - for %h"
  HTTPCONF="add-qhead:X-Forwarded-For: %h"
  HTTPCONF="add-qhead:X-Forwarded-For: %a"
  HTTPCONF="add-qhead:X-Forward-For: %h"
  ...

It will be useful if a server can be configured to record a specified HTTP
header like "X-Forwarded-For".

Cheers,
Yutaka
--
  D G   Yutaka Sato <y.sato@delegate.org> http://delegate.org/y.sato/
 ( - )  National Institute of Advanced Industrial Science and Technology
_<   >_ 1-1-4 Umezono, Tsukuba, Ibaraki, 305-8568 Japan
Do the more with the less -- B. Fuller

  admin search upper oldest olders older1 this newer1 newers latest
[Top/Up] [oldest] - [Older+chunk] - [Newer+chunk] - [newest + Check]
@_@V