Re: Web access lists and http 1.1 ?

From: James R Grinter <>
Date: Thu, 28 Nov 1996 19:53:30 +0000

On Thu 28 Nov, 1996, Duane Wessels <> wrote:
> writes:
>>I've been looking into this "forwarded by ... for ... " header business
>>with the proposed http 1.1 standard.
>>How will web server access list security be done if clients come through
>>a http 1.1 cache?
>I am planning to add a header named "X-Forwarded-For:" which will be a
>list of client IP addresses seen through the request chain. e.g., each

I think the only real solution is to control access to your cache
(if you allow your cache to access your restricted access data),
or else encourage local access to not use your cache (by disallowing
your cache to access your local data).

If someone's using a remote cache, you couldn't trust the IP/name type
information that would be passed to you anyway so it doesn't matter
that there's none provided.

(all IMHO, anyway)

Received on Thu Nov 28 1996 - 11:58:04 MST

This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 16:33:40 MST