WebApp Sec mailing list archives

Re: HTTP Authentication & Source IP Address


From: "Jeff Dafoe" <jeff () badtz-maru com>
Date: Sat, 30 Nov 2002 11:56:33 -0500

In the recent discussion on HTTP Authentication, it was said (by Bob Lee)
that you can't tie the origin of the request (the IP address) to the
session for reasons that have been discussed here time and time again.

    Because of proxies such as those in use by AOL.  Take this log excerpt:

152.163.188.232 - - [30/Nov/2002:12:01:09 -0500] "GET /subcultural/index HTTP/1.1" 200 19861
152.163.188.228 - - [30/Nov/2002:12:01:09 -0500] "GET /image/subcultural/site/subcultural_on_dkgrey.gif HTTP/1.0" 200 2008
152.163.188.67 - - [30/Nov/2002:12:01:09 -0500] "GET /image/subcultural/site/front-mainpromo-1129.jpg HTTP/1.1" 304 -
152.163.188.2 - - [30/Nov/2002:12:01:11 -0500] "GET /image/subcultural/site/sidenav-dresses.gif HTTP/1.0" 200 249

    All four of those requests originated from the same user, who was on
AOL.  Although all of the requests are from 152.163.188 in this instance,
that frequently doesn't hold true.

Jeff
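
Added example (not part of the original post): a Python replay of the four log lines above against a session bound to the first request's source address, once to the exact address (/32) and once to its /24. The function names and the prefix-binding scheme are assumptions made for this illustration.

```python
import ipaddress
import re

# The four access-log lines from the post, one request per line.
LOG = """\
152.163.188.232 - - [30/Nov/2002:12:01:09 -0500] "GET /subcultural/index HTTP/1.1" 200 19861
152.163.188.228 - - [30/Nov/2002:12:01:09 -0500] "GET /image/subcultural/site/subcultural_on_dkgrey.gif HTTP/1.0" 200 2008
152.163.188.67 - - [30/Nov/2002:12:01:09 -0500] "GET /image/subcultural/site/front-mainpromo-1129.jpg HTTP/1.1" 304 -
152.163.188.2 - - [30/Nov/2002:12:01:11 -0500] "GET /image/subcultural/site/sidenav-dresses.gif HTTP/1.0" 200 249
"""

# Common Log Format: host ident user [time] "method path proto" status bytes
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+) [^"]*" (\d{3}) (\S+)$')


def parse(log):
    """Return (client_ip, path) for each well-formed log line."""
    requests = []
    for line in log.splitlines():
        m = LINE_RE.match(line)
        if m:
            requests.append((ipaddress.ip_address(m.group(1)), m.group(3)))
    return requests


def replay(requests, prefix_len):
    """Bind the session to the first request's address masked to prefix_len
    bits; return the paths of later requests that binding would reject."""
    bound = ipaddress.ip_network(f"{requests[0][0]}/{prefix_len}", strict=False)
    return [path for ip, path in requests[1:] if ip not in bound]


def main():
    reqs = parse(LOG)
    for bits in (32, 24):
        rejected = replay(reqs, bits)
        print(f"/{bits} binding: {len(rejected)} of {len(reqs) - 1} "
              f"follow-up requests rejected")
        for path in rejected:
            print("   ", path)


if __name__ == "__main__":
    main()
```

The /24 binding accepts every request only because this particular excerpt stays inside 152.163.188; as the post says, that frequently doesn't hold.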

