> Mehmet ÇELiK wrote:
> >>In your vBulletin includes/init.php file change "define('IPADDRESS',
> >>$_SERVER['REMOTE_ADDR']);" to "define('IPADDRESS',
> >>$_SERVER['HTTP_X_FORWARDED_FOR']);".
> >>
> >
> >No. I don't this. Because, this is not right method..
On 09.01.09 22:40, Amos Jeffries wrote:
> In my PHP-apps I do the equivalent of this:
>
> if ($trust_XFF && $_SERVER['HTTP_X_FORWARDED_FOR'])
> define('IPADDRESS', $_SERVER['HTTP_X_FORWARDED_FOR']);
> else
> define('IPADDRESS', $_SERVER['REMOTE_ADDR']);
Is that working? Afaik, x-forwarded-for may contain more IP addresses, where
not all of them may be trusted. I think that proper validator should have
list of (un)trusted networks and match REMOTE_ADDR and HTTP_X_FORWARDED_FOR
until untrusted IP is found (the same waty as squid's follow_x_forwarded_for
directive does.
If anyone have such PHP, please paste a link. I think that could be used in
many other PHP applications (and I'd post that to horde people)
--
Matus UHLAR - fantomas, uhlar@xxxxxxxxxxx ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
WinError #99999: Out of error messages.
