Normaly I can log user's IP address using os.environ["REMOTE_ADDR"] .
If a user is behind a proxy, I will log proxy's IP address only.
Is there a way how to find a real IP user's address?
Thank you for help.
LL. 7 3043
Lad wrote:
Normaly I can log user's IP address using os.environ["REMOTE_ADDR"] .
If a user is behind a proxy, I will log proxy's IP address only.
Is there a way how to find a real IP user's address?
os.environ["HTTP_X_FORWARDED_FOR"]
(but that can easily be spoofed, and is mostly meaningless if the user
uses local IP addresses at the other side of the proxy, so you should
use it with care)
</F>
Fredrik Lundh wrote:
Lad wrote:
Normaly I can log user's IP address using os.environ["REMOTE_ADDR"] .
If a user is behind a proxy, I will log proxy's IP address only.
Is there a way how to find a real IP user's address?
os.environ["HTTP_X_FORWARDED_FOR"]
(but that can easily be spoofed, and is mostly meaningless if the user
uses local IP addresses at the other side of the proxy, so you should
use it with care)
</F>
Hello Fredrik,
Thank you for your reply.
How can be HTTP_X_FORWARDED_FOR easily spoofed? I thought that IP
address is not possible change.
Thank you for your reply
L.
"Lad" <py****@hope.czwrote:
> Normaly I can log user's IP address using os.environ["REMOTE_ADDR"] . If a user is behind a proxy, I will log proxy's IP address only. Is there a way how to find a real IP user's address?
Not reliably, but why would you want to? That IP address is not reachable
from your server anyway.
--
- Tim Roberts, ti**@probo.com
Providenza & Boekelheide, Inc.
On 09/15/2006 Lad wrote:
How can be HTTP_X_FORWARDED_FOR easily spoofed? I thought that IP
address is not possible change.
Because it is a header that is added by the proxy. This header has (or
should have) no role in the proces of relaying the request by the proxy.
It is just politely added by the proxy to make it possible to identify
for who the request is forwarded. So the proxy might add anything it
likes, or nothing at all if it is an anonymizing proxy.
Winfried
"Lad" <py****@hope.czwrote:
>Fredrik Lundh wrote:
>Lad wrote:
Normaly I can log user's IP address using os.environ["REMOTE_ADDR"] .
If a user is behind a proxy, I will log proxy's IP address only.
Is there a way how to find a real IP user's address?
os.environ["HTTP_X_FORWARDED_FOR"]
(but that can easily be spoofed, and is mostly meaningless if the user uses local IP addresses at the other side of the proxy, so you should use it with care)
Hello Fredrik, Thank you for your reply. How can be HTTP_X_FORWARDED_FOR easily spoofed? I thought that IP address is not possible change.
No, but HTTP headers are just text. A client can put whatever it wants in
them.
--
- Tim Roberts, ti**@probo.com
Providenza & Boekelheide, Inc.
>Normaly I can log user's IP address using os.environ["REMOTE_ADDR"] .
>If a user is behind a proxy, I will log proxy's IP address only. Is there a way how to find a real IP user's address?
os.environ["HTTP_X_FORWARDED_FOR"]
(but that can easily be spoofed, and is mostly meaningless if the user
uses local IP addresses at the other side of the proxy, so you should
use it with care)
Yep, you should only use "HTTP_X_FORWARDED_FOR" if you trust the proxy and
you check that the request is indeed coming from it
(if environ["REMOTE_ADDR"] in proxy_list).
--
damjan
Normaly I can log user's IP address using os.environ["REMOTE_ADDR"] .
If a user is behind a proxy, I will log proxy's IP address only.
Is there a way how to find a real IP user's address?
os.environ["HTTP_X_FORWARDED_FOR"]
(but that can easily be spoofed, and is mostly meaningless if the user uses local IP addresses at the other side of the proxy, so you should use it with care)
How can be HTTP_X_FORWARDED_FOR easily spoofed? I thought that IP
address is not possible change.
I can setup my browser to always send you a fake HTTP_X_FORWARDED_FOR
header.
--
damjan This thread has been closed and replies have been disabled. Please start a new discussion. Similar topics |
by: Arne |
last post by:
Hi,
Probably an easy answer to this, but I have not been able to figure it out.
How can I find the IP-address of the machine that my Java-program is running
on ? Could not find any methods in...
|
by: Arun |
last post by:
Like its possible to find IP address of a visitor in same way is it possible to find the visitor's PC's MAC address?
-Regards,
|
by: Souljaz |
last post by:
Hi, how to find IP address. Thanks
|
by: subirs |
last post by:
Hi,
I am using mtrace to check for memory leaks in my code. The code is
divided into many fucntion which are placed in different directories.
While using mtrace the following output is given....
|
by: OppThumb |
last post by:
Hi,
I've been searching this newsgroup for an answer to my question, and
the closest I've come asks my question, but in reverse ("How to figure
out the program from plan/package"). I've -- shall...
| |
by: marktang |
last post by:
ONU (Optical Network Unit) is one of the key components for providing high-speed Internet services. Its primary function is to act as an endpoint device located at the user's premises. However,...
|
by: Oralloy |
last post by:
Hello folks,
I am unable to find appropriate documentation on the type promotion of bit-fields when using the generalised comparison operator "<=>".
The problem is that using the GNU compilers,...
|
by: jinu1996 |
last post by:
In today's digital age, having a compelling online presence is paramount for businesses aiming to thrive in a competitive landscape. At the heart of this digital strategy lies an intricately woven...
|
by: Hystou |
last post by:
Overview:
Windows 11 and 10 have less user interface control over operating system update behaviour than previous versions of Windows. In Windows 11 and 10, there is no way to turn off the Windows...
|
by: tracyyun |
last post by:
Dear forum friends,
With the development of smart home technology, a variety of wireless communication protocols have appeared on the market, such as Zigbee, Z-Wave, Wi-Fi, Bluetooth, etc. Each...
|
by: conductexam |
last post by:
I have .net C# application in which I am extracting data from word file and save it in database particularly. To store word all data as it is I am converting the whole word file firstly in HTML and...
| |
by: adsilva |
last post by:
A Windows Forms form does not have the event Unload, like VB6. What one acts like?
|
by: muto222 |
last post by:
How can i add a mobile payment intergratation into php mysql website.
|
by: bsmnconsultancy |
last post by:
In today's digital era, a well-designed website is crucial for businesses looking to succeed. Whether you're a small business owner or a large corporation in Toronto, having a strong online presence...
| |