I've been meaning to write about this for a while: When I switched from
AOLserver 3.x to 4.0 a few years ago, I noticed that the IP address in the
log file no longer always matches what [ns_conn peeraddr] reports.

ns_conn seems to always report the actual IP address of the user, whereas
the log files will gladly accept whatever is in the X-Forwarded-For header
that the client sends, even if it's forged or nonsensical. This makes it
difficult to detect and track bot behavior and other abuses. A significant
portion of bot activity on my site is logged as "127.0.0.1," "unknown,"
"10.0.0.50" or other similar false values.

Is there any way to make AOLserver log the real IP address and ignore the
X-Forwarded-For header?


--
AOLserver - http://www.aolserver.com/

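A log triage sketch for the mismatch described above, as an added example that is not part of the original post: it flags access-log entries whose client field cannot be a real Internet peer (loopback, RFC 1918, a non-address string such as "unknown", or a comma-separated chain), which points to a value copied from X-Forwarded-For. The common log format layout, the sample lines and the function names are assumptions.

```python
import ipaddress

# Constructed sample in NCSA common log format (an assumption about the
# access log layout); the addresses are documentation or reserved values.
SAMPLE_LOG = """\
127.0.0.1 - - [12/Mar/2007:10:01:02 -0500] "GET /forum/ HTTP/1.0" 200 5120
unknown - - [12/Mar/2007:10:01:03 -0500] "GET /forum/post HTTP/1.0" 200 812
10.0.0.50 - - [12/Mar/2007:10:01:04 -0500] "POST /forum/post HTTP/1.0" 302 0
198.51.100.23 - - [12/Mar/2007:10:01:05 -0500] "GET / HTTP/1.1" 200 9043
203.0.113.9, 10.1.2.3 - - [12/Mar/2007:10:01:06 -0500] "GET / HTTP/1.1" 200 904
"""

RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def logged_host(line):
    """Return the client field, which may contain spaces if a header was copied in."""
    prefix = line[:line.index(" [")]       # everything before the timestamp
    return prefix.rsplit(" ", 2)[0]        # drop the ident and user fields

def classify(host):
    """Label a logged client value; anything but 'plausible' cannot be a real Internet peer."""
    if "," in host:
        return "multiple-values"           # proxy-chain syntax, only a header has it
    try:
        ip = ipaddress.ip_address(host.strip())
    except ValueError:
        return "not-an-address"            # e.g. "unknown"
    if ip.is_loopback:
        return "loopback"
    if ip.version == 4 and any(ip in net for net in RFC1918):
        return "private"
    if ip.is_link_local or ip.is_unspecified or ip.is_multicast or ip.is_reserved:
        return "non-routable"
    return "plausible"

def flag_lines(log_text):
    """Return (line_number, host, label) for entries whose client value is not plausible."""
    flagged = []
    for number, line in enumerate(log_text.splitlines(), start=1):
        if " [" not in line:
            continue                       # not a log entry
        host = logged_host(line)
        label = classify(host)
        if label != "plausible":
            flagged.append((number, host, label))
    return flagged

if __name__ == "__main__":
    print(*flag_lines(SAMPLE_LOG), sep="\n")
```

A forged header carrying a plausible public address passes this check, so the flagged lines are a lower bound on entries whose logged address came from the header.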