This should no longer be a problem in 2.2.x. The spoofed requests should be
rejected.
On Sunday, 9 December 2012 09:15:07 UTC-6, Chris wrote:
>
> 1.99.7, running from source on Red Hat EL 6
--
1.99.7, running from source on Red Hat EL 6
--
Yes. There are two variables:
request.env.remote_addr: the IP of the client as communicated by the web
server
request.env.http_x_forward_from: which may be injected by a proxy (for
example apache+mod_proxy).
request.client is set to the former or the latter (if present).
None of them is relia
--
request.client gets filled by gluon.main.get_client. You can see the
source in gluon/main.py. It gets additionally checked by gluon/utils.py
is_valid_ip_address(). I think the question everyone is thinking of right
now is: what web2py version do you run?
On Thursday, December 6, 2012 8:15:34
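
Added example, not part of the thread and not web2py's own code: one way an application can derive a client address from the two values discussed above, honouring the proxy-supplied header only when the direct peer is a known proxy. It assumes the proxy sets the standard X-Forwarded-For header (WSGI key `HTTP_X_FORWARDED_FOR`); `TRUSTED_PROXIES`, `client_ip` and the helper names are hypothetical.

```python
import ipaddress

# Assumption: networks of the reverse proxies allowed to set X-Forwarded-For.
TRUSTED_PROXIES = (
    ipaddress.ip_network("127.0.0.0/8"),
    ipaddress.ip_network("10.0.0.0/24"),
)

def _parse_ip(text):
    """Return an ip_address object, or None when text is not a valid IP."""
    try:
        return ipaddress.ip_address(text.strip())
    except ValueError:
        return None

def _is_trusted(ip):
    """True when ip belongs to one of the configured proxy networks."""
    return any(ip in net for net in TRUSTED_PROXIES)

def client_ip(environ):
    """Derive the client address from a WSGI environ dict.

    REMOTE_ADDR is the only value the server observed itself. The
    forwarded header is consulted only when that peer is a trusted
    proxy, and is read right to left so that entries a client put in
    front of the proxy's own entry are never reached.
    """
    peer = _parse_ip(environ.get("REMOTE_ADDR", ""))
    if peer is None:
        return None                  # nothing usable from the server
    if not _is_trusted(peer):
        return str(peer)             # direct client: ignore the header
    client = peer
    for hop in reversed(environ.get("HTTP_X_FORWARDED_FOR", "").split(",")):
        ip = _parse_ip(hop)
        if ip is None:
            break                    # malformed entry: keep last verified hop
        client = ip
        if not _is_trusted(ip):
            break                    # first non-proxy hop is the client
    return str(client)
```

The result is still only as trustworthy as the proxy configuration: if a host listed in `TRUSTED_PROXIES` passes a client-supplied header through unchanged, the value can be forged.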