How to block the real IP rather than an entire proxy?

Linux Netfilter discussions
 help / color / mirror / Atom feed

* How to block the real IP rather than an entire proxy?
@ 2003-05-14  1:42 J and T
  2003-05-14  3:05 ` Myles Uyema
  0 siblings, 1 reply; 3+ messages in thread
From: J and T @ 2003-05-14  1:42 UTC (permalink / raw)
  To: netfilter

My question is about blocking IPs from my network. It's a piece of cake to 
block static IPs. But there are times when someone sitting behind a proxy 
whos IP doesn't change, but the proxy in which he is accessing us does. 
There's no way I can figure out how to keep these people out. For example; 
Apache only shows the IP of the visitor and not the real IP of the visitor. 
Here's an example of what I mean using environment variables:

$ENV{'REMOTE_ADDR'};

One might believe this is the IP of the visitor. But...

$ENV{'HTTP_X_FORWARDED_FOR'}

if the above is present it is most likely the true IP of the visitor and the 
"REMOTE_ADDR" is just the proxy in which they are accessing the Net with.

$ENV{'HTTP_CLIENT_IP'}

Which you may need to deal with as well.

So how can I block a visitor who is jumping around through proxies? I don't 
want to block out the proxy as this could ultimately block out all AOL users 
for example.

Thanks!
John

_________________________________________________________________
STOP MORE SPAM with the new MSN 8 and get 2 months FREE*  
http://join.msn.com/?page=features/junkmail

^ permalink raw reply	[flat|nested] 3+ messages in thread

* Re: How to block the real IP rather than an entire proxy?
  2003-05-14  1:42 How to block the real IP rather than an entire proxy? J and T
@ 2003-05-14  3:05 ` Myles Uyema
  2003-05-29  1:50   ` xavier renaut
  0 siblings, 1 reply; 3+ messages in thread
From: Myles Uyema @ 2003-05-14  3:05 UTC (permalink / raw)
  To: J and T; +Cc: netfilter

It's the job of the proxy to block out the offender.  There's nothing you 
can do with netfilter to prevent him from accessing your website through 
other proxies.

On Tue, 13 May 2003, J and T wrote:

My question is about blocking IPs from my network. It's a piece of cake to 
block static IPs. But there are times when someone sitting behind a proxy 
whos IP doesn't change, but the proxy in which he is accessing us does. 
There's no way I can figure out how to keep these people out. For example; 
Apache only shows the IP of the visitor and not the real IP of the visitor. 
Here's an example of what I mean using environment variables:

$ENV{'REMOTE_ADDR'};

One might believe this is the IP of the visitor. But...

$ENV{'HTTP_X_FORWARDED_FOR'}

if the above is present it is most likely the true IP of the visitor and the 
"REMOTE_ADDR" is just the proxy in which they are accessing the Net with.

$ENV{'HTTP_CLIENT_IP'}

Which you may need to deal with as well.

So how can I block a visitor who is jumping around through proxies? I don't 
want to block out the proxy as this could ultimately block out all AOL users 
for example.

Thanks!
John

_________________________________________________________________
STOP MORE SPAM with the new MSN 8 and get 2 months FREE*  
http://join.msn.com/?page=features/junkmail

^ permalink raw reply	[flat|nested] 3+ messages in thread

* Re: How to block the real IP rather than an entire proxy?
  2003-05-14  3:05 ` Myles Uyema
@ 2003-05-29  1:50   ` xavier renaut
  0 siblings, 0 replies; 3+ messages in thread
From: xavier renaut @ 2003-05-29  1:50 UTC (permalink / raw)
  To: netfilter

On Tue, May 13, 2003 at 08:05:45PM -0700, Myles Uyema wrote:
|It's the job of the proxy to block out the offender.  There's nothing you 
|can do with netfilter to prevent him from accessing your website through 
|other proxies.

what about scanning the content of the packet (-m string)
to find thee http header ?

bye

|
|On Tue, 13 May 2003, J and T wrote:
|
|My question is about blocking IPs from my network. It's a piece of cake to 
|block static IPs. But there are times when someone sitting behind a proxy 
|whos IP doesn't change, but the proxy in which he is accessing us does. 
|There's no way I can figure out how to keep these people out. For example; 
|Apache only shows the IP of the visitor and not the real IP of the visitor. 
|Here's an example of what I mean using environment variables:
|
|$ENV{'REMOTE_ADDR'};
|
|One might believe this is the IP of the visitor. But...
|
|$ENV{'HTTP_X_FORWARDED_FOR'}
|
|if the above is present it is most likely the true IP of the visitor and the 
|"REMOTE_ADDR" is just the proxy in which they are accessing the Net with.
|
|$ENV{'HTTP_CLIENT_IP'}
|
|Which you may need to deal with as well.
|
|So how can I block a visitor who is jumping around through proxies? I don't 
|want to block out the proxy as this could ultimately block out all AOL users 
|for example.
|
|Thanks!
|John
|
|_________________________________________________________________
|STOP MORE SPAM with the new MSN 8 and get 2 months FREE*  
|http://join.msn.com/?page=features/junkmail
|
|
|
|
|

-- 
xavier renaut, 514 906 1212 x226  

^ permalink raw reply	[flat|nested] 3+ messages in thread

end of thread, other threads:[~2003-05-29  1:50 UTC | newest]

Thread overview: 3+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2003-05-14  1:42 How to block the real IP rather than an entire proxy? J and T
2003-05-14  3:05 ` Myles Uyema
2003-05-29  1:50   ` xavier renaut

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox