[Mailman-Users] HTTP_X_FORWARDED_FOR logging support

Stephen J. Turnbull stephen at xemacs.org
Tue Jun 23 08:31:52 CEST 2015

Jim Popovitch writes:

 > For the purpose of something like fail2ban all that is needed is
 > the IPaddr.  Having all the others would be a "nice to have", but
 > would really drive up the patch size.

>From 10 lines to 20?  I'd be more worried about the size of message or
msgdata objects.

 > REMOTE_HOST is subject to swift changes, whereas REMOTE_ADDR is what
 > actually connected to the server.  One you can bank on, the other is
 > always suspect, imo.

Sure, and that's precisely why I'd want both.  Rapid changes of
REMOTE_HOST associated with the same REMOTE_ADDR would be a pretty
clear sign that something bad is going on.

On the other hand, bad guys typically have access to a bunch of IP
addresses if they need them.  I don't think REMOTE_ADDR is necessarily
all that good a way to identify a miscreant.

More information about the Mailman-Users mailing list