14 Jun
2004
14 Jun
'04
6:32 p.m.
sathya wrote at 2004-6-14 10:35 -0500:
is the domain filtering in zope going by the client ip in the http header ?
i assume you mean the clientip value in the http header can be set to any value without affecting the actual IP it originated from ?
if thats the case then domain filtering in zope is not useful in my opinion. please point out fallacies in my reasoning if any :)
I expect (though did not check) that the HTTP header "REMOTE_ADDR" is set by the Web server to the ip of the incoming socket connection -- independent of any "REMOTE_ADDR" that might be present in the request. Nevertheless, this ip might quite easily have been forged. -- Dieter