From: Aman Gupta
To: rack-devel@googlegroups.com
Date: Sun, 13 Sep 2009 15:14:38 -0700
Subject: Re: Mongrel handler doesn't set env[REMOTE_ADDR] with the value of "X-Forwarded-For" header

On Sun, Sep 13, 2009 at 3:08 PM, Iñaki Baz Castillo wrote:
>
> On Sunday, 13 September 2009, Michael Fellinger wrote:
>> On Sun, Sep 13, 2009 at 5:52 PM, Iñaki Baz Castillo wrote:
>> > Hi, usually when an HTTP proxy routes a request it adds a
>> > "X-Forwarded-For: CLIENT_IP" to the request so the web server can know
>> > the client IP of the request.
>> >
>> > In fact, using Thin handler, env[REMOTE_ADDR] is set to the value of
>> > X-Forwarded-For header (if present).
>> >
>> > However using Mongrel or Webrick handlers it doesn't occur and
>> > env[REMOTE_ADDR] is set to the HTTP proxy IP.
>> >
>> > Anyhow I don't see it described in Rack specifications so perhaps it's
>> > not mandatory.
>>
>> I think many frameworks actually show X-Forwarded-For instead of
>> REMOTE_ADDR if available via Request#ip, not sure whether overwriting
>> is a good idea, I'm not a fan of losing information.
>
> Yes, I agree. However I would just like to point out the fact that while Thin does
> it, others don't do it, so Rack env["SERVER_ADDR"] is different depending on the
> HTTP server used.

Overwriting env['REMOTE_ADDR'] with X-Forwarded-For is not a good idea,
because the X-Forwarded-For header can be forged by the client.

Aman

>
> Regards.
>
>
>
> --
> Iñaki Baz Castillo
>
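
The point made in the reply above, as an added Ruby example that is not part of the original thread and is not Rack's or any handler's own code: leave env['REMOTE_ADDR'] untouched and consult X-Forwarded-For only when the socket peer is a proxy you operate. The TRUSTED_PROXIES ranges, the helper names and the sample addresses are assumptions made for illustration.

```ruby
require 'ipaddr'

# Assumption: the reverse proxies you operate sit in these ranges (constructed values).
TRUSTED_PROXIES = %w[127.0.0.1/32 10.0.0.0/8].map { |cidr| IPAddr.new(cidr) }

# Hypothetical helper: parse an address, returning nil for anything malformed.
def parse_ip(str)
  return nil if str.nil? || str.empty?
  IPAddr.new(str)
rescue ArgumentError # IPAddr::InvalidAddressError is an ArgumentError
  nil
end

def trusted_proxy?(str)
  ip = parse_ip(str)
  !ip.nil? && TRUSTED_PROXIES.any? { |net| net.include?(ip) }
end

# Returns the best client address for a Rack env. env['REMOTE_ADDR'] is never
# modified, so the socket peer stays available for logging and access control.
def client_ip(env)
  peer = env['REMOTE_ADDR'].to_s
  # A direct client can put anything in X-Forwarded-For: ignore the header.
  return peer unless trusted_proxy?(peer)

  hops = env['HTTP_X_FORWARDED_FOR'].to_s.split(',').map(&:strip)
  # Each proxy appends the peer it saw, so walk right to left and stop at the
  # first hop that is not one of our proxies. Entries further left are
  # client-supplied and are never consulted.
  hops.reverse_each do |hop|
    return peer if parse_ip(hop).nil? # malformed entry: fall back to the peer
    return hop unless trusted_proxy?(hop)
  end
  peer
end
```
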