mailing list archives
RE: [Full-disclosure] Anonymous Web Attacks via DedicatedMobileServices
From: Alexander Klimov <alserkli () inbox ru>
Date: Sat, 30 Jul 2005 10:04:58 +0300 (IDT)
On Sun, 24 Jul 2005, Bojan Zdrnja wrote:
Regarding Google - yes, if you log only connections.
However, when you use translate.google.com service, Google will add a new
header in the HTTP request:
X-Forwarded-For: <IP address>
All proxy servers should add this header, even in the case of multiple
proxying, in which case all IP addresses should be listed under this header.
For Apache, there is even a mod_extract_forwarded module which should change
the connection so it looks like it's coming from the IP behind the proxy
If you do assume that x-forwarded-for is always genuine then you will
have problems when somebody with direct connection adds
x-forwarded-for to confuse you (this is very similar to email
BTW: I don't sure that it is that important for real attackers -- most
of them are likely to use owned hosts anyway.