Penetration Testing mailing list archives

Re: [PEN-TEST] Your opinions are solicited ...


From: "Deus, Attonbitus" <Thor () HammerofGod Com>
Date: Tue, 31 Oct 2000 12:32:04 -0800

Does anyone know if this variable (HTTP_X_FORWARD or the like) can be
instantiated on MS Proxy Server? I can find nothing on it. I use reverse
proxy publication to re-route external requests to an internal web server,
and would love to collect the actual IP address from the internal logs as
opposed to trying to coordinate the external log (with the real IP address)
and the internal log (that has the proxy server address as the REMOTE_ADDR).

Anyone? Bueller? Anyone?
---------------------------------------------------------
Attonbitus Deus
thor () hammerofgod com

----- Original Message -----
From: "Paul Robinson" <paul () AKITANET CO UK>
To: <PEN-TEST () SECURITYFOCUS COM>
Sent: Tuesday, October 31, 2000 9:39 AM
Subject: Re: [PEN-TEST] Your opinions are solicited ...

You are right that proxies can cause a problem here, but even in those
cases, most proxies (that behave, anyway) normally pass an extra HTTP
environment variable called HTTP_X_FORWARD which will actually reveal the
real IP address being used on the public interface - regardless of NAT. In
addition, the REMOTE_ADDR variable will hold the IP address of the cache
engine/proxy being used. If you use the two combined, you're going to
secure things down a little more, and it's now going to be very difficult
for an attacker to steal the session (especially as your cookies that are
being passed around and changed on every transaction/page reload are
travelling over SSL), apart from when you're in a NAT'ed environment.
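
Added example, not part of either poster's message: one way an internal web application could log the real client address and bind a session to the forwarded address and REMOTE_ADDR together, honouring the forwarded value only when the request comes from a known reverse proxy. The proxy address, the function names and the comma-separated list format are assumptions; the variable name is the one used in the thread.

```python
import hashlib
import hmac
import ipaddress

# Assumption: addresses of the reverse proxies allowed to supply a forwarded
# client address. 10.0.0.5 is a constructed sample value.
TRUSTED_PROXIES = {ipaddress.ip_address("10.0.0.5")}
# Variable name as given in the thread; set it to whatever the proxy really sends.
FORWARD_VAR = "HTTP_X_FORWARD"


def client_address(environ):
    """Return (client_ip, proxy_ip) for logging and session binding.

    proxy_ip is None when the forwarded value was not used, either because
    the peer is not a trusted proxy or because the value is missing or bad.
    """
    peer = ipaddress.ip_address(environ["REMOTE_ADDR"])
    forwarded = environ.get(FORWARD_VAR, "").strip()
    if peer not in TRUSTED_PROXIES or not forwarded:
        # Any client can send this header itself, so ignore it on direct requests.
        return str(peer), None
    # Assumption: a comma-separated list to which each hop appends the peer it
    # saw, so the last entry is the one written by our own proxy.
    candidate = forwarded.split(",")[-1].strip()
    try:
        return str(ipaddress.ip_address(candidate)), str(peer)
    except ValueError:
        return str(peer), None  # malformed value: fall back to the peer address


def session_binding(environ):
    """Digest of the client/proxy pair, stored with the session at login."""
    client, proxy = client_address(environ)
    return hashlib.sha256(f"{client}|{proxy or '-'}".encode()).hexdigest()


def binding_matches(stored, environ):
    """True when a later request presents the same client/proxy pair."""
    return hmac.compare_digest(stored, session_binding(environ))
```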

