On May 23, 2007, at 11:46 PM, A. Pagaltzis wrote:
> * Andy Grundman <andy hybridized.org>
[2007-05-24 04:05]:
>> On May 23, 2007, at 8:49 PM, A. Pagaltzis wrote:
>>> * John Shields <johnmshieldsgmail.com> [2007-05-24 02:10]:
>>>> My position with this patch is that the IP
returned by
>>>> $c->req->address should be the
closest thing to the browser
>>>> IP as possible.
>>>
>>> Sensible.
>>
>> No, you don't want to see 192.168.1.1, you want the
real
>> address the user came from.
>
> … come again?
I'm not sure where the confusion is here. Let's say you
want to do
GeoIP lookup on your visitors. How would this work if you
got the
actual IP of the user who is using a Squid proxy on their
LAN? You
want the IP of the system that visited the first trusted
proxy in
your server farm.
It may be true that we need to do more than just taking the
last IP
off the list (for those cases where you have more than 1
trusted
proxy) but this is most likely a rare situation. Anyway,
the
proposed patch would not solve this problem, it would simply
break
the way we currently handle X-Forwarded-For by taking an
address/host
that is completely untrusted and may also be completely
useless.
_______________________________________________
Catalyst-dev mailing list
Catalyst-devlists.rawmode.org
http://lists.rawmode.org/mailman/listinfo/catalyst-dev
|
