Bugtraq mailing list archives
RE: [Full-disclosure] Anonymous Web Attacks via DedicatedMobileServices
From: Alexander Klimov <alserkli () inbox ru>
Date: Sat, 30 Jul 2005 10:04:58 +0300 (IDT)
On Sun, 24 Jul 2005, Bojan Zdrnja wrote:
Regarding Google - yes, if you log only connections. However, when you use translate.google.com service, Google will add a new header in the HTTP request: X-Forwarded-For: <IP address> All proxy servers should add this header, even in the case of multiple proxying, in which case all IP addresses should be listed under this header. For Apache, there is even a mod_extract_forwarded module which should change the connection so it looks like it's coming from the IP behind the proxy server.
If you do assume that x-forwarded-for is always genuine then you will have problems when somebody with direct connection adds x-forwarded-for to confuse you (this is very similar to email headers). BTW: I don't sure that it is that important for real attackers -- most of them are likely to use owned hosts anyway. -- Regards, ASK
Current thread:
- RE: [Full-disclosure] Anonymous Web Attacks via DedicatedMobileServices Bojan Zdrnja (Jul 28)
- Re: [Full-disclosure] Anonymous Web Attacks via DedicatedMobileServices Petko Petkov (Jul 28)
- RE: [Full-disclosure] Anonymous Web Attacks via DedicatedMobileServices Alexander Klimov (Jul 30)