Re: Filtering by client IP address for Web App Sessions

[exon <exon () home se>]

Evans, Arian wrote:
> Question for those outside of the US of A:
>
> In Europe, Asia, etc. do you have:

Sweden speaking.

> 1. Any significant user population of your web applications
> comprised of AOL (America online) users?

Not that I've seen, no.

> 2. Are there many ISPs or large organizations using megaproxies
> that swap client source IPs across entire classes of netblock (e.g.
> -like AOL does)?

Only americans are that stupid. In europe we have enough bandwidth 
without having to invent software solutions to increase it.

> I've been telling people for years that you can't filter by source or
> even last octet netblocks and lately have been wondering if I'm dense
> and this is a US-centric bias of mine thanks to the ISP behaviors
> I've had to deal with over the years.

It's still proper. Spoofing is as easy now as it was ten years ago.

Also, most homes in sweden have several computers with shared internet 
access through a masquerading DSL router, and sometimes whole apartment 
buildings or small villages share one connection, so filtering by source 
will still let more users in than you might want to. Only clueless 
coders use source-IP for anything at all above layer 3.

> Feedback appreciated,
>
> Arian