On 1/29/2011 1:07 PM, Henri Gomez wrote: >> I'd certainly like to see some more information on this usage. With more >> info we can figure out what solution makes the most sense. Anything we >> can do to make Beanstalk easier to use is good although I would prefer >> to keep it generic if we can. Amazon - if you're reading this - your >> input to this discussion (or any other feedback) is welcome. > > Here's a dump from a basic Dump servlet, URL was : > http://exoide.elasticbeanstalk.com/Dump > > --- > > getAuthType=null > getCharacterEncoding=null > getContentLength=-1 > getContextPath= > getLocalAddr=127.0.0.1 > getLocalName=localhost > getLocalPort=8080 > getMethod=GET > getPathInfo=null > getPathTranslated=null > getProtocol=HTTP/1.1 > getRequestURI=/Dump > getQueryString=null > getRemoteAddr=127.0.0.1 > getRemoteHost=127.0.0.1 > getRemotePort=59657 > getRemoteUser=null > getRequestedSessionId=null > getRequestURI=/Dump > getRequestURL=http://localhost:8080/Dump > getScheme=http > getServerName=localhost > getServerPort=8080 > getServletPath=/Dump > headers= > host: localhost:8080 > accept: > application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 > accept-charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3 > accept-encoding: gzip,deflate,sdch > accept-language: fr-FR,fr;q=0.8,en-US;q=0.6,en;q=0.4 > cookie: _chartbeat2=jf6k6glwwlc9huuy > user-agent: Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10_6_6; en-US) > AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 > Safari/534.10 > x-forwarded-for: 1.2.3.4, 10.122.47.36 > x-forwarded-port: 80 > x-forwarded-proto: http > x-forwarded-host: exoide.elasticbeanstalk.com > x-forwarded-server: domU-12-31-38-00-B2-08.compute-1.internal > connection: Keep-Alive > > Notice x-forwarded-host, x-forwarded-port and x-forwarded-for > > remoteAddr/Host should be grabbed from first entry in x-forwarded-for, > ie 1.2.3.4
Not necessarily. The closest immediate proxy is the last entry in that list. You might not trust all of the machines in that proxy chain to provide legitimate IP details. mod_remoteip has the concept of trusted vs. untrusted proxies, where only the trusted ones will be allowed to present the next-immediate-left IP address as a legitimate proxy address, and that IP is then compared to the trust list. So you might trust yahoo or google's proxy servers, but not your typically pwned user PC which is relaying spam or being employed as a DDoS agent. --------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
