[TYPO3-core] RFC: Fix bug #7397: Proxy servers replace REMOTE_ADDR with their own IP
Martin Kutschker
martin.kutschker-n0spam at no5pam-blackbox.net
Wed Feb 20 09:01:26 CET 2008
Dmitry Dulepov [typo3] wrote:
>
>>> Finally I think it is not worth returning 127.0.0.0/24,
>>> 172.16.0.0/16, 192.168.0/24, 10.0.0.0/8 because they are local and
>>> make no sense at all.
>>
>> Why? An intranet could be completely within a local zone.
>
> But you cannot block it or do anything with this information. You only
> know that it is a local network. What can you do next with it? If
> REMOTE_ADDR is returned, it will be clear to whom it belongs. If you see
> only 172.16.0.201, what useful can you get from it? Nothing. You cannot
> even say if it is US or China.

How could that be? Unless the client is spoofing his IP address, any
local IP address comes from one of the internal addresses of your own
network. Local addresses are never sent across the Internet.

Anyway, my not yet proposed patch has a TYPO3_PROXY var, where you can
check if the request comes from one of the configured proxies. That is,
unlike Michael's approach, you have to define a list of known proxies to
go into "address resolving mode".

Masi
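
The check described in the message above (resolve a forwarded address only when the request comes from a configured proxy), as an added example that is not part of the original post and not TYPO3 code. The function names, the use of the `X-Forwarded-For` header and the sample addresses are assumptions.

```php
<?php
// Added example, not TYPO3 code; names, header choice and addresses are assumptions.

/** True if $ip lies inside $cidr (IPv4 or IPv6, e.g. "192.0.2.0/24"). */
function ipInCidr(string $ip, string $cidr): bool
{
    [$net, $bits] = array_pad(explode('/', $cidr, 2), 2, null);
    $ipBin = @inet_pton($ip);
    $netBin = @inet_pton($net);
    if ($ipBin === false || $netBin === false || strlen($ipBin) !== strlen($netBin)) {
        return false; // unparsable, or IPv4 compared against IPv6
    }
    $max = strlen($ipBin) * 8;
    if ($bits !== null && (!ctype_digit($bits) || (int)$bits > $max)) {
        return false; // a malformed prefix length must not widen the match
    }
    $bits = $bits === null ? $max : (int)$bits;
    $bytes = intdiv($bits, 8);
    if (substr($ipBin, 0, $bytes) !== substr($netBin, 0, $bytes)) {
        return false;
    }
    $mask = (0xFF << (8 - $bits % 8)) & 0xFF; // partial trailing byte, 0 if none
    return $mask === 0 || (ord($ipBin[$bytes]) & $mask) === (ord($netBin[$bytes]) & $mask);
}

/** Client address: the forwarded header counts only if the peer is a configured proxy. */
function clientAddress(array $server, array $trustedProxies): string
{
    $peer = $server['REMOTE_ADDR'] ?? '';
    $xff = $server['HTTP_X_FORWARDED_FOR'] ?? '';
    $trusted = fn(string $ip): bool => (bool)array_filter($trustedProxies, fn($c) => ipInCidr($ip, $c));
    if ($xff === '' || !$trusted($peer)) {
        return $peer; // direct request, or header supplied by an unconfigured host
    }
    // Walk right to left: the rightmost entries were appended by our own proxies.
    foreach (array_reverse(array_map('trim', explode(',', $xff))) as $hop) {
        if (filter_var($hop, FILTER_VALIDATE_IP) === false) { return $peer; }
        if (!$trusted($hop)) { return $hop; } // first hop that is not one of ours
    }
    return $peer; // every listed hop is a configured proxy
}

$proxies = ['192.0.2.10/32']; // constructed list of known proxies
// Request relayed by the configured proxy: the forwarded address is used.
echo clientAddress(['REMOTE_ADDR' => '192.0.2.10', 'HTTP_X_FORWARDED_FOR' => '10.9.9.9, 198.51.100.7'], $proxies), "\n";
// Direct request carrying a header with a local address: the header is ignored.
echo clientAddress(['REMOTE_ADDR' => '203.0.113.5', 'HTTP_X_FORWARDED_FOR' => '172.16.0.201'], $proxies), "\n";
```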