
Re: x-forwarded-for Fail


 



On 10/10/2013 9:05 a.m., Will Roberts wrote:
> I'm sure it wasn't malicious. That tool was put up in 2003. At some point in the past 10 years he probably put a reverse proxy in front of his site. Maybe you should email him and tell him he's broken his header tool.

But ... has he actually broken it? Or is the breakage something deeper, like the assumption that it can be done at all?

All such online header tools are really only delivering a report of the headers which reached them. None of them have ever displayed "The Truth"(tm). The internals of the browser itself contain a set of layers doing header additions and changes. The same is (supposed to be) true of every extra layer of software proxies across the network.

This case is a great example of how, no matter what header manipulation you do in your own proxy, it cannot change what others are doing to the traffic elsewhere. The CDN he uses is adding its own X-Forwarded-* headers. Your own upstream provider might add the X-Forwarded-For header, adding details about you. Every proxy along the way removes existing hop-by-hop headers and adds new ones.

One interesting case here is that if you add X-Forwarded-For on your requests, does that value show up at his end?

Amos
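
Added example, not part of the original message: a small Python model of how an X-Forwarded-For value changes across a chain of proxies, and how an origin can pick the only entry it can vouch for. All addresses are constructed (documentation ranges), the hop layout is an assumption, and the "delete" mode is modeled on Squid's `forwarded_for delete`.

```python
import ipaddress

def proxy_hop(xff, peer_ip, mode="on"):
    """Return the X-Forwarded-For value one proxy sends onward.
    xff: value received (or None); peer_ip: address the request arrived from.
    mode "on" appends peer_ip; "delete" strips the header entirely."""
    if mode == "delete":
        return None
    return f"{xff}, {peer_ip}" if xff else peer_ip

def through_chain(client_xff, hops):
    """hops: list of (peer_ip_seen_by_that_proxy, mode), in network order."""
    xff = client_xff
    for peer_ip, mode in hops:
        xff = proxy_hop(xff, peer_ip, mode)
    return xff

def rightmost_untrusted(xff, peer_ip, trusted):
    """Origin-side check: walk the chain right to left, skipping addresses inside
    proxy networks the origin trusts. The first other entry is the best claim
    available; everything to its left is unverifiable text."""
    nets = [ipaddress.ip_network(n) for n in trusted]
    hops = [h.strip() for h in (xff or "").split(",") if h.strip()] + [peer_ip]
    for hop in reversed(hops):
        try:
            addr = ipaddress.ip_address(hop)
        except ValueError:
            return None  # "unknown" or junk: no verifiable address
        if not any(addr in n for n in nets):
            return hop
    return hops[0]  # every hop was a trusted proxy

# Constructed scenario: the client (198.51.100.7) sends its own header value,
# then the request crosses its own proxy, an upstream provider proxy and a CDN.
CLIENT_XFF = "203.0.113.99"
OWN_PROXY_DELETES = [("198.51.100.7", "delete"), ("192.0.2.10", "on"), ("192.0.2.20", "on")]
OWN_PROXY_APPENDS = [("198.51.100.7", "on"), ("192.0.2.10", "on"), ("192.0.2.20", "on")]
CDN_EDGE = "10.0.0.5"  # address the origin sees the connection come from

if __name__ == "__main__":
    for name, hops in (("delete", OWN_PROXY_DELETES), ("append", OWN_PROXY_APPENDS)):
        seen = through_chain(CLIENT_XFF, hops)
        print(name, "| origin sees:", seen,
              "| usable entry:", rightmost_untrusted(seen, CDN_EDGE, ["10.0.0.0/8"]))
```

In the "delete" run the header still reaches the origin because later hops re-add it; in the "append" run the client-supplied value sits leftmost and is never the entry the origin selects.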




