httpd-users mailing list archives

From Dragon <dra...@crimson-dragon.com>
Subject Re: [users@httpd] Block IP
Date Thu, 05 Jun 2008 18:08:29 GMT
Mohit Anchlia wrote:


>On 6/4/08, Dragon <dragon@crimson-dragon.com> wrote:
>André Warnier wrote:
>
>Mohit Anchlia wrote:
>
>2. Another question I had was sometimes we don't get the real physical IP of the
>machine but the IP of something that's in between like a "router". Is there a
>way to get the real IP so that we don't end up blocking people coming from
>that "router" or "proxy"?
>
>
>In my opinion, you cannot.  The whole point of 
>such routers and proxies is to make the requests 
>look like they are coming from the router/proxy, 
>so that is the sender IP address you are seeing 
>at your server level, and that's it.  Your 
>server never receives the original requester IP address.
>
>---------------- End original message. ---------------------
>
>There are legitimate reasons for this to be done 
>as well; indiscriminately blocking such access 
>is a bad idea as it will affect legitimate 
>users. NAT and IP address sharing are among the 
>reasons. This allows an organization to have a 
>router with one public IP address to serve a 
>larger internal network with private IP 
>addresses. Without this, we would have run out 
>of IPv4 addresses a long time ago.
>
>
>Dragon
>
>
>If there is no way to get the real IP address 
>then how would the router know which machine to 
>direct the response to? It has got to have some 
>information in the packet. For example: if A sends to 
>router B and the router sends to C, then when C 
>responds, how would B know that the response is for A?
>
>
---------------- End original message. ---------------------

The "real IP" is of no value to an external 
application because it is a PRIVATE IP address. 
It is not a unique address and cannot be used to uniquely identify a resource.

The router maintains an internal database mapping 
the connection between the internal machine on 
the LAN that requested a web page (or other 
resource) and the server providing it on the Public Internet.

The router public IP is all you are going to get 
and even if you got the internal IP (which is not 
a globally unique identifier) it would be pretty much useless to you.

Dragon

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
  Venimus, Saltavimus, Bibimus (et naribus canium capti sumus)
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
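
The connection mapping described in the reply above, as an added example that is not part of the original message: a toy port-translating router in Python. The class and function names are hypothetical, and all addresses and ports are constructed sample values.

```python
# Added illustration: a toy NAT (port address translation) table.
# Names are hypothetical; addresses and ports are constructed samples.
from typing import NamedTuple, Optional

class Flow(NamedTuple):
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int

class NatRouter:
    def __init__(self, public_ip: str, first_port: int = 40000):
        self.public_ip = public_ip
        self.next_port = first_port
        self.out = {}   # original LAN flow -> public port chosen by the router
        self.back = {}  # public port -> original LAN flow

    def outbound(self, pkt: Flow) -> Flow:
        """Rewrite a LAN packet so it appears to come from the router."""
        if pkt not in self.out:
            self.out[pkt] = self.next_port
            self.back[self.next_port] = pkt
            self.next_port += 1
        return Flow(self.public_ip, self.out[pkt], pkt.dst_ip, pkt.dst_port)

    def inbound(self, pkt: Flow) -> Optional[Flow]:
        """Map a server reply back to the LAN host, or drop it (None)."""
        orig = self.back.get(pkt.dst_port)
        if orig is None or (pkt.src_ip, pkt.src_port) != (orig.dst_ip, orig.dst_port):
            return None  # no matching connection in the table
        return Flow(pkt.src_ip, pkt.src_port, orig.src_ip, orig.src_port)

def demo():
    router = NatRouter("203.0.113.7")
    server = ("198.51.100.10", 80)
    # Two LAN hosts, same private source port, same web server.
    a = Flow("192.168.1.10", 51000, *server)
    b = Flow("192.168.1.11", 51000, *server)
    seen_a, seen_b = router.outbound(a), router.outbound(b)
    # Source IPs the web server can log or block: only the router's.
    server_view = {seen_a.src_ip, seen_b.src_ip}
    # Replies go to (public IP, public port); the table restores the host.
    reply_a = router.inbound(Flow(*server, seen_a.src_ip, seen_a.src_port))
    reply_b = router.inbound(Flow(*server, seen_b.src_ip, seen_b.src_port))
    stray = router.inbound(Flow(*server, router.public_ip, 49999))
    return server_view, reply_a.dst_ip, reply_b.dst_ip, stray

if __name__ == "__main__":
    print(demo())
```

The private addresses exist only in the router's table, so a block on the address the server sees applies to every host behind that router.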

