httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Dragon <dra...@crimson-dragon.com>
Subject Re: [users@httpd] Block IP
Date Wed, 04 Jun 2008 19:44:23 GMT
André Warnier wrote:

>Mohit Anchlia wrote:
>
>>2. Another question I had was sometimes we don't get real physical IP of the
>>machine but the IP of something that's in between like "router", is there a
>>way to get the real IP so that we don't end up blocking people coming from
>>that "router" or "proxy"
>
>In my opinion, you cannot.  The whole point of 
>such routers and proxies is to make the requests 
>look like they are coming from the router/proxy, 
>so that is the sender IP address you are seeing 
>at your server level, and that's it.  Your 
>server never receives the original requester IP address.
---------------- End original message. ---------------------

There are legitimate reasons for this to be done 
as well, indiscriminately blocking such access is 
a bad idea as it will affect legitimate users. 
NAT and IP address sharing are among the reasons. 
This allows an organization to have a router with 
one public IP address to serve a larger internal 
network with private IP addresses. Without this, 
we would have run out of IPv4 addresses a long time ago.


Dragon

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
  Venimus, Saltavimus, Bibimus (et naribus canium capti sumus)
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Mime
View raw message