[Box-Admins] Re: I need Help (was Re: Squeak Wiki Problem)
Ken Causey
ken at kencausey.com
Wed Jan 31 20:50:13 UTC 2007
Thank you, I believe that does fix the immediate problem. I will notify
squeak-dev and request confirmation from those that had trouble.

One comment however. This still assumes that the x-forwarded-for
header, if it exists, is non-pathological. Should you not confirm that
you get something that is truly IP-address-like and if not ignore the
header?

But perhaps I'm asking too much. What are the chances that a valid
browsing user is going to have a pathological x-forwarded-for header?
Perhaps too small to be of interest.

In any case, thanks!

Ken

On Tue, 2007-01-30 at 16:05 -0500, Jochen F. Rick wrote:
> Hi Ken,
>
> I was finally able to get somebody to help me check this. I have a fix.
> I'm attaching it.
>
> Peace and Luck!
>
> Jeff
>
>
> On Thu, Jan 18, 2007 at 05:51:10PM -0600, Ken Causey wrote:
> > Here is what I have found:
> >
> > "If a request has passed through multiple proxies then the
> > X-Forwarded-For may contain several IPs like this:
> >
> > X-Forwarded-For: client1, proxy1, proxy2"
> >
> > http://www.openinfo.co.uk/apache/index.html
> >
> > And this appears to be true for the one example I have seen. So
> > fundamentally I think you simply need to look at the first quad and ignore
> > the rest. At the same time, if it is non-blank, but you can't extract
> > the host address, you probably should treat it as if the x-forwarded-for
> > header is simply non-existent.
> >
> > Ken
> >
> > On Thu, 2007-01-18 at 18:13 -0500, Jochen F. Rick wrote:
> > > Interesting. Why would it have two x-forwarded-for addresses? In other
> > > words, what is the meaning of the other address? Which address should be
> > > used?
> > >
> > > Peace and Luck!
> > >
> > > Jeff
> > >
> > >
> > >
> > > On Thu, Jan 18, 2007 at 04:16:45PM -0600, Ken Causey wrote:
> > > > I have been debugging the reported problems accessing the
> > > > wiki.squeak.org wiki for those behind a proxy. I have tracked it down
> > > > to the implementation of HttpRequest>>initProxyForwarding in the image.
> > > > It assumes that if an x-forwarded-for header exists that it is a single
> > > > IP address. This appears to be a poor assumption. For example:
> > > >
> > > > x-forwarded-for: 74.141.6.178, 62.90.138.162
> > > >
> > > > I have not so far been able to track down documentation to confirm
> > > > whether or not this is 'officially' valid. Nonetheless Swiki should
> > > > probably not fail when this assumption is invalid.
> > > >
> > > > Ken
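
The handling suggested in this thread (use the first X-Forwarded-For entry, and treat the header as non-existent when that entry is not IP-address-like), sketched in Python as an added example; it is not the attached Swiki fix or any code from the list. The function names and the `peer_addr` fallback are assumptions, and the check also accepts IPv6 addresses, which goes beyond the dotted quads discussed above.

```python
import ipaddress
from typing import Optional


def first_forwarded_ip(header_value: Optional[str]) -> Optional[str]:
    """Return the first X-Forwarded-For entry if it parses as an IP address.

    Returns None when the header is absent, blank, or its first entry is not
    IP-address-like, so the caller can act as if the header did not exist.
    """
    if not header_value:
        return None
    # "client1, proxy1, proxy2": only the first comma-separated entry is used.
    first = header_value.split(",", 1)[0].strip()
    try:
        # ip_address() rejects hostnames, ports, out-of-range octets, markup, etc.
        return str(ipaddress.ip_address(first))
    except ValueError:
        return None


def effective_client_ip(header_value: Optional[str], peer_addr: str) -> str:
    """Validated first forwarded entry, else the socket peer address.

    peer_addr is a hypothetical parameter: the address of the TCP peer as
    seen by the server (the proxy itself when one is in front).
    """
    return first_forwarded_ip(header_value) or peer_addr


if __name__ == "__main__":
    # Constructed sample headers; only the first value appears in the thread.
    samples = [
        "74.141.6.178, 62.90.138.162",   # multiple proxies
        "unknown, 62.90.138.162",        # non-IP first entry
        "74.141.6.178:8080",             # port attached, not a bare address
        "",                              # blank header
        None,                            # header absent
    ]
    for value in samples:
        print(repr(value), "->", effective_client_ip(value, "192.0.2.10"))
```

The header is supplied by the client or by any proxy on the path, so a value that passes this check is well-formed, not verified; it is suitable for logging or display rather than as the sole basis for an access decision.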