
Re: x-forwarded-for Fail

On 10/10/2013 5:53 p.m., merc1984@xxxxxx wrote:
> On Wed, Oct 9, 2013, at 20:35, Amos Jeffries wrote:
>> All such online header tools are really only delivering a report of the
>> headers which reached them. None of them have ever displayed "The
>> Truth"(tm). The internals of the browser itself contains a set of layers
>> doing header additions and changes. The same is (supposed to be) true of
>> every extra layer of software proxies across the network.
> I just can't believe that someone would just keep a lying tool up.
> Maybe I'll send him an email.
>
>> This case is a great example of how no matter what header manipulation
>> you do in your own proxy it cannot change what others are doing to the
>> traffic elsewhere. The CDN he uses is adding its own X-Forwarded-* headers.
>> Your own upstream provider might add the X-Forwarded-For header adding
>> details about you. Every proxy along the way removes existing hop-by-hop
>> headers and adds new ones.
> Crumcast shouldn't be manipulating my HTML headers;  that would cost too
> much.

HTML is a different story entirely from HTTP.
Manipulation of HTTP headers on every relay point they cross is mandatory.

>> One interesting case here is that if you add X-Forwarded-For on your
>> requests, does that value show up at his end?
> I did try setting it to 127.0.0.1, but it didn't fool him.
>
> Interestingly I run NoScript and have all scripting turned off for his
> site, yet he still comes up with my IP.  Hm, maybe Crumcast is narcking
> me out.

Probably. They do have to send packets from your IP to his IP and get the responses back to you.

Amos
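
The behaviour discussed in this message, as an added example that is not part of the original thread: each relay appends the address it received the request from, so a receiving server that walks X-Forwarded-For from the right and stops at the first hop outside its trusted proxies is not affected by a client-supplied value such as 127.0.0.1. The addresses, the trusted ranges and all function names are constructed for illustration.

```python
import ipaddress

# Constructed example: proxies this hypothetical origin server trusts
# (its CDN edge range and a local reverse proxy). Documentation ranges only.
TRUSTED_PROXIES = [ipaddress.ip_network(n)
                   for n in ("198.51.100.0/24", "127.0.0.1/32")]


def append_xff(existing, peer_ip):
    """What each relay does: append the address it received the request from."""
    return f"{existing}, {peer_ip}" if existing else peer_ip


def naive_client_ip(xff_header):
    """Leftmost entry: whatever the client (or anything upstream) chose to send."""
    return xff_header.split(",")[0].strip()


def client_ip(peer_ip, xff_header):
    """Walk from the TCP peer leftwards and return the first hop that is not a
    trusted proxy. Entries further left come from untrusted parties."""
    hops = [h.strip() for h in (xff_header or "").split(",") if h.strip()]
    hops.append(peer_ip)  # the socket peer is the only value not taken from a header
    for hop in reversed(hops):
        try:
            addr = ipaddress.ip_address(hop)
        except ValueError:
            return None  # malformed token such as "unknown": nothing left to trust
        if not any(addr in net for net in TRUSTED_PROXIES):
            return str(addr)
    return None  # every hop was a trusted proxy; no client address recoverable


if __name__ == "__main__":
    # Client at 203.0.113.7 sends its own X-Forwarded-For: 127.0.0.1
    at_cdn = append_xff("127.0.0.1", "203.0.113.7")  # CDN edge appends its peer
    print("header at origin:", at_cdn)
    print("naive leftmost  :", naive_client_ip(at_cdn))
    print("trusted-hop walk:", client_ip("198.51.100.20", at_cdn))
```
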



