On Sun, 24 Jul 2005, Bojan Zdrnja wrote: > Regarding Google - yes, if you log only connections. > However, when you use translate.google.com service, Google will add a new > header in the HTTP request: > > X-Forwarded-For: <IP address> > > All proxy servers should add this header, even in the case of multiple > proxying, in which case all IP addresses should be listed under this header. > > For Apache, there is even a mod_extract_forwarded module which should change > the connection so it looks like it's coming from the IP behind the proxy > server. > If you do assume that x-forwarded-for is always genuine then you will have problems when somebody with direct connection adds x-forwarded-for to confuse you (this is very similar to email headers). BTW: I don't sure that it is that important for real attackers -- most of them are likely to use owned hosts anyway. -- Regards, ASK
