Hi, i don't understand. The proxy is even delivering pages when there is no security token at all. e.g.
http://shindig.mydomain/gadgets/proxy?url=google.com At the server the page is requested from, there is no indication, that it is fetched by a proxy. There could be severe legal trouble if someone abuses our open proxy to do something illegal as we have no way to prove otherwise. So my idea was to whitelist the domains from which the proxy will fetch content. Best Regards Karsten Beyer On Fri, Jul 11, 2008 at 2:19 PM, Ropu <[EMAIL PROTECTED]> wrote: > U can try adding the ip the the Security Token too. > > ropu > > On Fri, Jul 11, 2008 at 6:20 AM, Karsten Beyer <[EMAIL PROTECTED]> wrote: > > > Hi, > > > > what is the suggested strategy to prevent abuse of the open proxy at > > /gadgets/proxy? I found some old discussions from february about adding > the > > IP address of the user as HTTP header. Some testing however showed that > this > > is not yet implemented. > > > > Are there any plans to implement some kind of whitelist feature? More > > importantly: Are there any reasons against implementing such a feature? > > > > > > Best Regards, > > > > Karsten Beyer > > [EMAIL PROTECTED] > > > > > > > > > > > -- > .-. --- .--. ..- > R o p u >
