[Zope] accessing REMOTE_ADDR

Bill Anderson bill@immosys.com
04 Oct 2001 09:03:46 -0600


On Tue, 2001-10-02 at 10:29, Richard Barrett wrote:
> At 21:47 01/10/2001 -0500, Timothy Wilson wrote:
> >Hi everyone,
> >
> >I've been messing around with my Apache config and the ProxyVia directive
> >and searching the mailing list archive. I have yet to find the definitive
> >answer to this question:
> >
> >Is it possible to retrieve the actual IP address of the site visitor when
> >using Zope with Apache ProxyPass or Rewrite rules (without patching Apache)?
> 
> In the case of mod_proxy and without patching the answer is no.

Sorry, that is wrong.


I am using apache 1.3.19, ProxyPass, and have the ProxyVia directive
turned to full, and it works just fine.

ProxyVia full
goes in the VirtualHost section in your httpd.conf file.

Now, I am not using ModRewrite, so there *may* be some issues with that.

...

> My advice: give it up; like who cares what the IP number of the user's 
> machine is. If you are after security you've got to rely on the low grade 
> capabilities of Basic Authentication and its cookie cousins, or get some 
> serious protection by wrapping Basic Auth in SSL.

Again, not completely true. if you use IP addresses for security
purposes, your primary concern is spoofed IPs, If your OS allows it
(such as Linux), you can block nearly all spoofed IP attempts.

Bill