[Mailman-Users] HTTP_X_FORWARDED_FOR logging support
Stephen J. Turnbull
stephen at xemacs.org
Tue Jun 23 08:31:52 CEST 2015
Jim Popovitch writes:
> For the purpose of something like fail2ban all that is needed is
> the IPaddr. Having all the others would be a "nice to have", but
> would really drive up the patch size.
From 10 lines to 20? I'd be more worried about the size of message or
msgdata objects.
> REMOTE_HOST is subject to swift changes, whereas REMOTE_ADDR is what
> actually connected to the server. One you can bank on, the other is
> always suspect, imo.
Sure, and that's precisely why I'd want both. Rapid changes of
REMOTE_HOST associated with the same REMOTE_ADDR would be a pretty
clear sign that something bad is going on.
On the other hand, bad guys typically have access to a bunch of IP
addresses if they need them. I don't think REMOTE_ADDR is necessarily
all that good a way to identify a miscreant.
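
The REMOTE_HOST churn check described above, as an added example that is not part of the original post or of Mailman: it flags any REMOTE_ADDR that presents several distinct REMOTE_HOST values within a short window. The "timestamp REMOTE_ADDR REMOTE_HOST" line format, the function name `flag_host_churn`, and the window and threshold values are assumptions; the sample lines are constructed and assumed to be in chronological order.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample lines in a hypothetical "timestamp REMOTE_ADDR REMOTE_HOST"
# format (documentation address ranges and example domains only).
SAMPLE_LOG = """\
2015-06-23T08:00:00 192.0.2.10 a.example.net
2015-06-23T08:00:20 192.0.2.10 b.example.org
2015-06-23T08:00:45 192.0.2.10 c.example.com
2015-06-23T08:01:00 198.51.100.7 mail.example.edu
2015-06-23T08:05:00 198.51.100.7 mail.example.edu
2015-06-23T08:30:00 203.0.113.5 x.example.net
2015-06-23T09:45:00 203.0.113.5 y.example.net
"""


def flag_host_churn(lines, window=timedelta(minutes=5), threshold=3):
    """Return {REMOTE_ADDR: sorted hosts} for addresses that presented at
    least `threshold` distinct REMOTE_HOST values within any `window`."""
    recent = defaultdict(deque)  # addr -> deque of (timestamp, host)
    flagged = {}
    for line in lines:
        parts = line.split()
        if len(parts) != 3:
            continue  # skip malformed lines
        try:
            ts = datetime.strptime(parts[0], "%Y-%m-%dT%H:%M:%S")
        except ValueError:
            continue  # skip lines with an unparseable timestamp
        addr, host = parts[1], parts[2].lower().rstrip(".")
        seen = recent[addr]
        seen.append((ts, host))
        # Drop observations that have aged out of the sliding window.
        while ts - seen[0][0] > window:
            seen.popleft()
        hosts = {h for _, h in seen}
        if len(hosts) >= threshold:
            flagged.setdefault(addr, set()).update(hosts)
    return {a: sorted(h) for a, h in flagged.items()}


if __name__ == "__main__":
    for addr, hosts in flag_host_churn(SAMPLE_LOG.splitlines()).items():
        print(addr, "->", ", ".join(hosts))
```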