Looks like turning off x-forwarded-for, has been disabled now. Nothing
works. I've tried:
forwarded_for delete
forwarded_for off
forwarded_for transparent
request_header_replace X-Forwarded-For 127.0.0.1
request_header_access X-Forwarded-For deny all
reply_header_access X-Forwarded-For deny all
On 10/09/2013 10:15 AM, merc1...@f-m.fm wrote:
> Looks like turning off x-forwarded-for, has been disabled now. Nothing
> works.
> To see what I'm talking about, go to
> http://www.ericgiguere.com/tools/http-header-viewer.html
The above web page hosts a script that cannot be used as intended
be
Well for Heaven's sake.
What motivation could he possibly have for dinking with teh headers?
On Wed, Oct 9, 2013, at 11:08, Alex Rousskov wrote:
> On 10/09/2013 10:15 AM, merc1...@f-m.fm wrote:
> > Looks like turning off x-forwarded-for, has been disabled now. Nothing
> > works.
>
> > To see
I think you missed Alex's point.
That page itself sits behind a reverse proxy that adds X-Forwarded-For.
So using that for your testing isn't going to help.
On 10/09/2013 03:01 PM, merc1...@f-m.fm wrote:
Well for Heaven's sake.
What motivation could he possibly have for dinking with teh hea
Didn't miss his point and I understand exactly what he said.
My question is what possible motive could ericgiguere have for
misrepresenting headers, on a header query site?
It just doesn't make sense.
On Wed, Oct 9, 2013, at 12:05, Will Roberts wrote:
> I think you missed Alex's point.
>
> Tha
I'm sure it wasn't malicious. That tool was put up in 2003. At some
point in the past 10 years he probably put a reverse proxy in front of
his site. Maybe you should email him and tell him he's broken his header
tool.
On 10/09/2013 03:55 PM, merc1...@f-m.fm wrote:
Didn't miss his point and I
On 10/10/2013 9:05 a.m., Will Roberts wrote:
I'm sure it wasn't malicious. That tool was put up in 2003. At some
point in the past 10 years he probably put a reverse proxy in front of
his site. Maybe you should email him and tell him he's broken his
header tool.
But ... has he actually broken
On Wed, Oct 9, 2013, at 20:35, Amos Jeffries wrote:
> All such online header tools are really only delivering a report of the
> headers which reached them. None of them have ever displayed "The
> Truth"(tm). The internals of the browser itself contains a set of layers
> doing header additions an
On 10/10/2013 5:53 p.m., merc1...@f-m.fm wrote:
On Wed, Oct 9, 2013, at 20:35, Amos Jeffries wrote:
All such online header tools are really only delivering a report of the
headers which reached them. None of them have ever displayed "The
Truth"(tm). The internals of the browser itself contains a
> HTML is a different story entirely from HTTP.
> Manipuation of HTTP headers on every relay point they cross is mandatory.
Why?
> >> One interesting case here is that if you add X-Forwarded-For on your
> >> requests, does that value show up at his end?
> > I did try setting it to 127.0.0.1, but
On 11/10/2013 2:44 a.m., merc1...@f-m.fm wrote:
HTML is a different story entirely from HTTP.
Manipuation of HTTP headers on every relay point they cross is mandatory.
Why?
One interesting case here is that if you add X-Forwarded-For on your
requests, does that value show up at his end?
I did
On 11/10/2013 2:44 a.m., merc1...@f-m.fm wrote:
HTML is a different story entirely from HTTP.
Manipuation of HTTP headers on every relay point they cross is mandatory.
Why?
a) Because HTML is a markup language for text documents. HTTP is a
protocol for software communication.
b) Being a co
Thanks Amos, for the good explanation.
So this leads to: I'd like to anonymise my headers to the greatest
extent possible. Here is my config: https://pastee.org/khgtw
Does anyone have a recommended configuration for best privacy?
--
http://www.fastmail.fm - IMAP accessible web-mail
13 matches
Mail list logo
