Posted to dev@tomcat.apache.org by Stefanos Karasavvidis <st...@msc.gr> on 2003/07/28 19:28:58 UTC

Re: AW: AW: [5.0] Connector default configuration + connection timeout

Section 14.45 of HTTP 1.1 states:
The Via general-header field MUST be used by gateways and proxies to 
indicate the intermediate protocols and recipients between the user 
agent and the server on requests, and between the origin server and 
the client on responses......

This means that if a proxy is involved there will be a Via header.

Moreover there is the X-Forwarded-For header (NOT part of the standard) 
used for example by squid proxy, which indicates the original host 
issuing the request.

Of course nothing prohibits a DoS host from inserting these headers to fake a 
proxy!!

Stefanos

Fischer, Ilona wrote:

> IMHO it's the definition of a proxy to send/receive requests instead of
> client... that means only the proxy was talking with the webserver -> in the
> HTTP-header was only the IP of the Proxy
> 
> Regards :o)
> Ilona
> 
> 
> 
>>-----Original Message-----
>>From: Henri Gomez [mailto:hgomez@apache.org]
>>Sent: Monday, 28 July 2003 18:01
>>To: Tomcat Developers List
>>Subject: Re: AW: [5.0] Connector default configuration + connection
>>timeout
>>
>>
>>Fischer, Ilona wrote:
>>
>>
>>>>Protection against DOS attack should also have some glues like :
>>>>
>>>>- Max clients from the same IP (ie DOS attack from the same host).
>>>
>>>How would you distinguish between users coming from big proxy and a
>>>DOS-attack? Our access.logs shows that approx. 30% accesses comes from
>>>t-online (a big ISP in Germany) and AOL....
>>
>>That's right (T-ONLINE and AOL) are big hackers ;)
>>
>>More seriously, in such case there must be the original IP somewhere
>>in the HTTP header isn't it ?
>>
>>
>>---------------------------------------------------------------------
>>To unsubscribe, e-mail: tomcat-dev-unsubscribe@jakarta.apache.org
>>For additional commands, e-mail: tomcat-dev-help@jakarta.apache.org
>>
> 
> 
> 
> 

-- 
======================================================================
Stefanos Karasavvidis
Electronic & Computer Engineer
e-mail : stefos@msc.gr

Multimedia Systems Center S.A.
Kissamou 178
73100 Chania - Crete - Hellas
http://www.msc.gr

Tel : +30 2821 0 88447
Fax : +30 2821 0 88427
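
The point raised in this thread (per-IP limits penalise users behind a big proxy, yet Via and X-Forwarded-For can be forged by any host) is usually handled by honouring X-Forwarded-For only when the socket peer is a proxy the operator already trusts. The following is an added example, not part of the original message and not Tomcat code; the trusted range, the limit and the sample requests are constructed assumptions.

```python
import ipaddress
from collections import Counter

# Assumptions (constructed values): the proxies the operator trusts, and the limit.
TRUSTED_PROXIES = [ipaddress.ip_network("192.0.2.0/28")]
MAX_PER_CLIENT = 3


def is_trusted_proxy(addr):
    ip = ipaddress.ip_address(addr)  # raises ValueError on malformed input
    return any(ip in net for net in TRUSTED_PROXIES)


def client_key(peer_ip, headers):
    """Return the address a request is counted against."""
    # Headers from an unknown peer prove nothing, so count the socket address.
    if not is_trusted_proxy(peer_ip):
        return peer_ip
    hops = [h.strip() for h in headers.get("X-Forwarded-For", "").split(",")]
    # Each proxy appends the address it received the request from, so read
    # right to left and stop at the first hop that is not a trusted proxy.
    for hop in reversed(hops):
        try:
            if not is_trusted_proxy(hop):
                return str(ipaddress.ip_address(hop))
        except ValueError:
            break  # empty or malformed entry: fall back to the proxy itself
    return peer_ip


def over_limit(requests):
    """Return the client keys with more than MAX_PER_CLIENT requests."""
    counts = Counter(client_key(peer, hdrs) for peer, hdrs in requests)
    return {key for key, n in counts.items() if n > MAX_PER_CLIENT}


# Constructed sample: (socket peer address, request headers)
SAMPLE = (
    # Four different users behind the trusted proxy 192.0.2.1.
    [("192.0.2.1", {"X-Forwarded-For": f"198.51.100.{i}"}) for i in range(10, 14)]
    # One user behind the same proxy, sending a forged first entry each time.
    + [("192.0.2.1", {"X-Forwarded-For": "10.9.9.9, 198.51.100.99"})] * 4
    # A direct host inventing Via and X-Forwarded-For to look like a proxy.
    + [("203.0.113.50", {"Via": "1.0 fake", "X-Forwarded-For": f"10.0.0.{i}"})
       for i in range(5)]
)

if __name__ == "__main__":
    print(sorted(over_limit(SAMPLE)))
```

The proxy address itself never reaches the limit here, because its traffic is attributed to the clients it forwards for.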

