RE: [Full-disclosure] Anonymous Web Attacks via DedicatedMobileServices
From: Alexander Klimov (alserkli_at_inbox.ru)
Date: 07/30/05
- Previous message: group_at_soulblack.com.ar: "Kshout Data Disclosure"
- In reply to: Bojan Zdrnja: "RE: [Full-disclosure] Anonymous Web Attacks via DedicatedMobileServices"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Sat, 30 Jul 2005 10:04:58 +0300 (IDT) To: Bojan Zdrnja <Bojan.Zdrnja@LSS.hr>
On Sun, 24 Jul 2005, Bojan Zdrnja wrote:
> Regarding Google - yes, if you log only connections.
> However, when you use translate.google.com service, Google will add a new
> header in the HTTP request:
>
> X-Forwarded-For: <IP address>
>
> All proxy servers should add this header, even in the case of multiple
> proxying, in which case all IP addresses should be listed under this header.
>
> For Apache, there is even a mod_extract_forwarded module which should change
> the connection so it looks like it's coming from the IP behind the proxy
> server.
>
If you do assume that x-forwarded-for is always genuine then you will
have problems when somebody with direct connection adds
x-forwarded-for to confuse you (this is very similar to email
headers).
BTW: I don't sure that it is that important for real attackers -- most
of them are likely to use owned hosts anyway.
-- Regards, ASK
- Previous message: group_at_soulblack.com.ar: "Kshout Data Disclosure"
- In reply to: Bojan Zdrnja: "RE: [Full-disclosure] Anonymous Web Attacks via DedicatedMobileServices"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
