On Mon, Jun 22, 2015 at 8:06 PM, Stephen J. Turnbull <[email protected]> wrote: > Are you proposing this for inclusion in a future Mailman distribution?
Yes, at least for the 2.x trunk. > If so, RFC 7239 Forwarded-For should be supported as well. Sure, that makes good sense to add. > Also, since one of the purposes of this information appears to be > detection of attacks of various kinds, I would think that instead of > falling back to REMOTE_HOST or REMOTE_ADDR, you would want to collect > all of them. After all, this is cheap since you're getting it from > the HTTP headers, no DNS lookups or whatever involved, they've already > been done. For the purpose of something like fail2ban all that is needed is the IPaddr. Having all the others would be a "nice to have", but would really drive up the patch size. > This especially applies to REMOTE_HOST vs. REMOTE_ADDR. REMOTE_HOST is subject to swift changes, whereas REMOTE_ADDR is what actually connected to the server. One you can bank on, the other is always suspect, imo. -Jim P. ------------------------------------------------------ Mailman-Users mailing list [email protected] https://mail.python.org/mailman/listinfo/mailman-users Mailman FAQ: http://wiki.list.org/x/AgA3 Security Policy: http://wiki.list.org/x/QIA9 Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/ Unsubscribe: https://mail.python.org/mailman/options/mailman-users/archive%40jab.org
