Re: Bug#416397: ITP: haproxy -- fast and reliable load balancing reverse proxy
On Thursday 29 March 2007 05:44, Steve Greenland <steveg@moregruel.net> wrote:
> Or are you asking how the internal server keeps track of the remote IP
> address? It shouldn't. Any webservice that uses the (supposed) client IP
> for anything other than amusement value is broken, given NAT and client
> proxies.
NAT and client proxies greatly reduce the value of the IP address as a
security measure. I believe that it is still part of a solution though (EG
if consecutive access attempts come from different continents then it makes
sense to re-authenticate).
However they do not reduce the value of the IP address as a tracking
mechanism. I find it interesting to note the geographic distribution of
requests and like to have the option to block requests from areas that cause
more harm than good - I haven't yet had to do this with http but have often
done so with ssh and smtp.
--
russell@coker.com.au
http://etbe.blogspot.com/ My Blog
http://www.coker.com.au/sponsorship.html Sponsoring Free Software development
Reply to: