Mohit Anchlia wrote:
On 6/4/08, Dragon
<<mailto:[EMAIL PROTECTED]>[EMAIL PROTECTED]> wrote:
André Warnier wrote:
Mohit Anchlia wrote:
2. Another question I had was sometimes we don't get real physical IP of the
machine but the IP of something that's in between like "router", is there a
way to get the real IP so that we don't end up blocking people coming from
that "router" or "proxy"
In my opinion, you cannot. The whole point of
such routers and proxies is to make the requests
look like they are coming from the router/proxy,
so that is the sender IP address you are seeing
at your server level, and that's it. Your
server never receives the original requester IP address.
---------------- End original message. ---------------------
There are legitimate reasons for this to be done
as well, indiscriminately blocking such access
is a bad idea as it will affect legitimate
users. NAT and IP address sharing are among the
reasons. This allows an organization to have a
router with one public IP address to serve a
larger internal network with private IP
addresses. Without this, we would have run out
of IPv4 addresses a long time ago.
Dragon
If there is no way to get the real IP address
then how would router know which machine to
direct the response to. It got to have some
information in the packet. For eg: If A send to
router B and router sends to C then when C
responds how would B know that the response is for A.
---------------- End original message. ---------------------
The "real IP" is of no value to an external
application because it is a PRIVATE IP address.
It is not a unique address and can not be used to uniquely identify a resource.
The router maintains an internal database mapping
the connection between the internal machine on
the LAN that requested a web page (or other
resource) and the server providing it on the Public Internet.
The router public IP is all you are going to get
and even if you got the internal IP (which is not
a globally unique identifier) it would be pretty much useless to you.
Dragon
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Venimus, Saltavimus, Bibimus (et naribus canium capti sumus)
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: [EMAIL PROTECTED]
" from the digest: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]