[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Bug#416397: ITP: haproxy -- fast and reliable load balancing reverse proxy

On Thursday 29 March 2007 05:44, Steve Greenland <steveg@moregruel.net> wrote:
> Or are you asking how the internal server keeps track of the remote IP
> address? It shouldn't. Any webservice that uses the (supposed) client IP
> for anything other than amusement value is broken, given NAT and client
> proxies.

NAT and client proxies greatly reduce the value of the IP address as a 
security measure.  I believe that it is still part of a solution though (EG 
if consecutive access attempts come from different continents then it makes 
sense to re-authenticate).

However they do not reduce the value of the IP address as a tracking 
mechanism.  I find it interesting to note the geographic distribution of 
requests and like to have the option to block requests from areas that cause 
more harm than good - I haven't yet had to do this with http but have often 
done so with ssh and smtp.

-- 
russell@coker.com.au
http://etbe.blogspot.com/          My Blog

http://www.coker.com.au/sponsorship.html Sponsoring Free Software development
Reply to: