[Koha-bugs] [Bug 8492] Restrict OpacSuppression to IP adresses outside of an IP range

bugzilla-daemon at bugs.koha-community.org bugzilla-daemon at bugs.koha-community.org
Tue Jul 24 14:13:59 CEST 2012


http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=8492

--- Comment #7 from Robin Sheat <robin at catalyst.net.nz> ---
I wouldn't expect most systems to be on real-world IP addresses if they're
behind a proxy anyway, there's no point. And it's only the address of the proxy
you care about. Though, thinking about it more, if you're attempting to
restrict to part of an RFC1918 set, this would leave forgery open. A better
idea would be to specify what your proxy IP/IP pattern is and look for the
header only in that case.

X-Forwarded-For can be forged, also can (legitimately) have multiple IP
addresses in it, but it is possible to be sure about what you're getting. For
example, if you know you're behind a proxy you can rely on that header being
there, and that the last entry is the real source IP address.

-- 
You are receiving this mail because:
You are watching all bug changes.


More information about the Koha-bugs mailing list