Hosting Provided By

Re: HTTP Authentication & Source IP Address

From: Jeff Dafoe <jeff(at)badtz-maru.com>
Date: Sat Nov 30 2002 - 11:56:33 EST

> In the recent discussion on HTTP Authentification, it was said (by Bob
Lee)
> that you can't tie the origin of the the request (the IP address) to the
> session for reasons that have been discussed here time and time again.

Because of proxies such as those in use by AOL. Take this log excerpt:

152.163.188.232 - - [30/Nov/2002:12:01:09 -0500] "GET /subcultural/index HTTP/1.1" 200 19861
152.163.188.228 - - [30/Nov/2002:12:01:09 -0500] "GET /image/subcultural/site/subcultural_on_dkgrey.gif HTTP/1.0" 200 2008 152.163.188.67 - - [30/Nov/2002:12:01:09 -0500] "GET /image/subcultural/site/front-mainpromo-1129.jpg HTTP/1.1" 304 - 152.163.188.2 - - [30/Nov/2002:12:01:11 -0500] "GET /image/subcultural/site/sidenav-dresses.gif HTTP/1.0" 200 249

All four of those requests originated from the same user, who was on AOL. Although all of the requests are from 152.163.188 in this instance, that frequently doesn't hold true.

Jeff Received on Sat Nov 30 12:20:26 2002

This message: [ Message body ]
Next message: Mark Curphey: "Dead Thread - HTTP Authentication & Source IP Address"
Previous message: Matt Petteys: "RE: HTTP Authentication & Source IP Address"
In reply to James Wilkinson: "Re: HTTP Authentication & Source IP Address"

Contemporary messages sorted: [ By Date ] [ By Thread ] [ By Subject ] [ By Author ] [ By messages with attachments ]

This archive was generated by hypermail 2.1.8 : Wed Aug 23 2006 - 14:07:44 EDT