Mailing-List: contact users-help@httpd.apache.org; run by ezmlm
Precedence: bulk
Reply-To: users@httpd.apache.org
From: x79z1130 <x79z1130@cxbd.com>
Reply-To: zahid@cxbd.com
To: users@httpd.apache.org
In-Reply-To: 
 <FAB6A3A2CC5BDB448DADFA1C8C0752965F74A7@SOMEXEVS001.ex.ordersx.org>
References: 
	 <FAB6A3A2CC5BDB448DADFA1C8C0752965F74A7@SOMEXEVS001.ex.ordersx.org>
Content-Type: text/plain; charset=UTF-8
Organization: CyberX IT Limited
Message-Id: <1080731821.9489.72.camel@ADMIN>
Mime-Version: 1.0
Date: 31 Mar 2004 17:17:02 +0600
Content-Transfer-Encoding: 8bit
Subject: RE: [users@httpd] HOST ADDRESS of a client host behind
	transparentproxy?

Actually I'm using the CGI to get the REMOTE_ADDR.
Example: http://search.com.bd/cgi-bin/cgitest.cgi server where I'm
testing all.

The problem is, it's not displaying the IP of the client but it's proxy
server[Which is a transparent proxy]. And I knew that. For security
reason I want my users/visitors identified through network. Even if I
have to deny access to others. I guess there are lots of other issues,
like routing and NAT.

I guess SSL is the only achievable solution.

Thank you for the reply.

Zahid Hossain

On Wed, 2004-03-31 at 17:07, Boyle Owen wrote:
> > -----Original Message-----
> > From: x79z1130 [mailto:x79z1130@cxbd.com]
> > 
> > And I also know and checked it that I do not find the 
> > REMOTE_ADDR of the
> > visitor.
> > But I thought if there is anything beyond my knowledge. 
> 
> Depends who you mean by "visitor" - you get the proxy's IP which is correct since that really is the machine that visited your site. I'm not a proxy expert but I don't think that the proxy acts like a messenger who goes and gets the page for you and so knows who the page is for when it fetches it. Rather, the request comes in and the proxy checks its cache, if it doesn't have the page, it fetches it. But it's fetching it to fill the cache, not really to serve your particular request... Nothing in the request that the proxy sends to the server says anything about who the original request is for.
>  
> > BTW, can I force
> > to identify or how do I know that it's behind a 
> > proxy/transparent proxy?
> 
> You need some mechanism to authenticate the request. Set up a password-challenge (see http://httpd.apache.org/docs/howto/auth.html) or, use cookies and server-sided logic (CGI, ASP, JSP etc.) or, using SSL, require client certs (http://www.modssl.org/docs/2.8/ssl_reference.html#ToC17).
> 
> Rgds,
> Owen Boyle
> Disclaimer: Any disclaimer attached to this message may be ignored. 
> 
> Diese E-mail ist eine private und persnliche Kommunikation. Sie hat keinen Bezug zur B rsen- bzw. Geschftst tigkeit der SWX Gruppe. This e-mail is of a private and personal nature. It is not related to the exchange or business activities of the SWX Group. Le prsent e-mail est un message priv  et personnel, sans rapport avec l'activit boursi re du Groupe SWX.
> 
> 
> > 
> > 
> > Anyway, thank you for your reply. Specially for your 
> > explanation of the
> > issue.
> > 
> > 
> > Zahid Hossain
> > 
> > On Wed, 2004-03-31 at 15:34, Boyle Owen wrote:
> > > > -----Original Message-----
> > > > From: x79z1130 [mailto:x79z1130@cxbd.com]
> > > > Sent: Mittwoch, 31. März 2004 08:38
> > > > 
> > > > Hi,
> > > > Does anyone you have any idea of how to get the HOST ADDRESS 
> > > > of a client
> > > > host behind transparent proxy?
> > > 
> > > The question is a bit confusing... A "client" is, for example, a
> > > browser. So do you mean that you are on the HTTP server 
> > (ie, apache) and
> > > that you have hits coming in from a browser which is coming 
> > through a
> > > proxy to your site, and you want to know the IP address of 
> > the machine
> > > that the browser is running on?
> > > 
> > > If so, you can't. The requests come from the proxy so will 
> > have only the
> > > proxy's IP address in the TCP/IP "Source" header. When the 
> > reply is sent
> > > back to the proxy, it will reroute it to the internal client. In any
> > > case, even if you did get the client's IP, it would 
> > probably be only an
> > > internal address (eg, 192.168.1.1) which you couldn't access.
> > > 
> > > If this isn't the answer you were looking for, please post back with
> > > more details of the scenario...
> > > 
> > > Rgds,
> > > Owen Boyle
> > > Disclaimer: Any disclaimer attached to this message may be ignored. 
> > > 
> > > 
> > > 
> > > > 
> > > > I was trying to search earlier mails but did not see any.
> > > > 
> > > > Thanks in advance.
> > > > 
> > > > 
> > > > -- 
> > > > Mohammed Zahid Hossain
> > > > System Administrator
> > > > CyberX IT Limited
> > > > 
> > > > 
> > > > 
> > ---------------------------------------------------------------------
> > > > The official User-To-User support forum of the Apache HTTP 
> > > > Server Project.
> > > > See <URL:http://httpd.apache.org/userslist.html> for more info.
> > > > To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
> > > >    "   from the digest: users-digest-unsubscribe@httpd.apache.org
> > > > For additional commands, e-mail: users-help@httpd.apache.org
> > > > 
> > > > 
> > > Diese E-mail ist eine private und persönliche Kommunikation. Sie hat
> > > keinen Bezug zur Börsen- bzw. Geschäftstätigkeit der SWX 
> > Gruppe. This
> > > e-mail is of a private and personal nature. It is not related to the
> > > exchange or business activities of the SWX Group. Le 
> > présent e-mail est
> > > un message privé et personnel, sans rapport avec l'activité 
> > boursière du
> > > Groupe SWX.
> > > 
> > > This message is for the named person's use only. It may contain
> > > confidential, proprietary or legally privileged information. No
> > > confidentiality or privilege is waived or lost by any 
> > mistransmission.
> > > If you receive this message in error, please notify the 
> > sender urgently
> > > and then immediately delete the message and any copies of 
> > it from your
> > > system. Please also immediately destroy any hardcopies of 
> > the message.
> > > You must not, directly or indirectly, use, disclose, 
> > distribute, print,
> > > or copy any part of this message if you are not the 
> > intended recipient.
> > > The sender's company reserves the right to monitor all e-mail
> > > communications through their networks. Any views expressed in this
> > > message are those of the individual sender, except where the message
> > > states otherwise and the sender is authorised to state them 
> > to be the
> > > views of the sender's company. 
> > > 
> > > 
> > > 
> > > 
> > ---------------------------------------------------------------------
> > > The official User-To-User support forum of the Apache HTTP 
> > Server Project.
> > > See <URL:http://httpd.apache.org/userslist.html> for more info.
> > > To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
> > >    "   from the digest: users-digest-unsubscribe@httpd.apache.org
> > > For additional commands, e-mail: users-help@httpd.apache.org
> > -- 
> > Mohammed Zahid Hossain
> > System Administrator
> > CyberX IT Limited
> > 
> > Phone: 880-2-7219968,7211616
> > Email: zahid@cxbd.com
> > Alternative: zahid@allbd.com
> > Web: http://www.cxbd.com
> > 
> > 
> > ---------------------------------------------------------------------
> > The official User-To-User support forum of the Apache HTTP 
> > Server Project.
> > See <URL:http://httpd.apache.org/userslist.html> for more info.
> > To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
> >    "   from the digest: users-digest-unsubscribe@httpd.apache.org
> > For additional commands, e-mail: users-help@httpd.apache.org
> > 
> > 
-- 
Mohammed Zahid Hossain
System Administrator
CyberX IT Limited

Phone: 880-2-7219968,7211616
Email: zahid@cxbd.com
Alternative: zahid@allbd.com
Web: http://www.cxbd.com

==============================================================
Disclaimer: This message is for the named person's use only. It may 
contain confidential, proprietary or legally privileged information. No
confidentiality or privilege is waived or lost by any mis-transmission.
If you receive this message in error, please notify the sender urgently
and then immediately delete the message and any copies of it from your
system. Please also immediately destroy any hard copies of the message.
You must not, directly or indirectly, use, disclose, distribute, print,
or copy any part of this message if you are not the intended recipient.


---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org