[Zope] accessing REMOTE_ADDR

Ragnar Beer rbeer@uni-goettingen.de
Thu, 4 Oct 2001 23:03:01 +0200

Very strange. I tried ProxyVia full with Apache 1.3.19 but it didn't 
give me the  address of the *client* but more info regarding the host 
running apache+mod_proxy. Looking at the documentation this is 
exactly what it's supposed to do so I really wonder what you did to 
persuade your Apache to give you the clients address.


>On Tue, 2001-10-02 at 10:29, Richard Barrett wrote:
>>  At 21:47 01/10/2001 -0500, Timothy Wilson wrote:
>>  >Hi everyone,
>>  >
>>  >I've been messing around with my Apache config and the ProxyVia directive
>>  >and searching the mailing list archive. I have yet to find the definitive
>>  >answer to this question:
>>  >
>>  >Is it possible to retrieve the actual IP address of the site visitor when
>>  >using Zope with Apache ProxyPass or Rewrite rules (without 
>>patching Apache)?
>>  In the case of mod_proxy and without patching the answer is no.
>Sorry, that is wrong.
>I am using apache 1.3.19, ProxyPass, and have the ProxyVia directive
>turned to full, and it works just fine.
>ProxyVia full
>goes in the VirtualHost section in your httpd.conf file.
>Now, I am not using ModRewrite, so there *may* be some issues with that.
>>  My advice: give it up; like who cares what the IP number of the user's
>>  machine is. If you are after security you've got to rely on the low grade
>>  capabilities of Basic Authentication and its cookie cousins, or get some
>>  serious protection by wrapping Basic Auth in SSL.
>Again, not completely true. if you use IP addresses for security
>purposes, your primary concern is spoofed IPs, If your OS allows it
>(such as Linux), you can block nearly all spoofed IP attempts.
>Zope maillist  -  Zope@zope.org
>**   No cross posts or HTML encoding!  **
>(Related lists -
>  http://lists.zope.org/mailman/listinfo/zope-announce
>  http://lists.zope.org/mailman/listinfo/zope-dev )