[Mailman-Users] HTTP_X_FORWARDED_FOR logging support
jimpop at gmail.com
Tue Jun 23 03:44:19 CEST 2015
On Mon, Jun 22, 2015 at 8:06 PM, Stephen J. Turnbull <stephen at xemacs.org> wrote:
> Are you proposing this for inclusion in a future Mailman distribution?
Yes, at least for the 2.x trunk.
> If so, RFC 7239 Forwarded-For should be supported as well.
Sure, that makes good sense to add.
> Also, since one of the purposes of this information appears to be
> detection of attacks of various kinds, I would think that instead of
> falling back to REMOTE_HOST or REMOTE_ADDR, you would want to collect
> all of them. After all, this is cheap since you're getting it from
> the HTTP headers, no DNS lookups or whatever involved, they've already
> been done.
For the purpose of something like fail2ban all that is needed is the
IPaddr. Having all the others would be a "nice to have", but would
really drive up the patch size.
> This especially applies to REMOTE_HOST vs. REMOTE_ADDR.
REMOTE_HOST is subject to swift changes, whereas REMOTE_ADDR is what
actually connected to the server. One you can bank on, the other is
always suspect, imo.
More information about the Mailman-Users