On 09/15/2006 Lad wrote: > How can be HTTP_X_FORWARDED_FOR easily spoofed? I thought that IP > address is not possible change.
Because it is a header that is added by the proxy. This header has (or should have) no role in the proces of relaying the request by the proxy. It is just politely added by the proxy to make it possible to identify for who the request is forwarded. So the proxy might add anything it likes, or nothing at all if it is an anonymizing proxy. Winfried -- http://mail.python.org/mailman/listinfo/python-list
