RE: Logging through Web

From: Adalto Silva Correia Filho[SMTP:adalto@pop-ce.rnp.br]
Sent: Wednesday, 1 April 1998 6:11
Subject: Logging through Web

Dear friends,

        I have some administrative scripts (Web based) running on my
network. When someone misses the password of some of them, I used to log
it using REMOTE_HOST or REMOTE_ADDR.

        Well, when I try to access any of them, using a Proxy-configured
browser, I got on these two environment variables pointing to the proxy
server, what , of course, isn't what I'm willing to log.

        Any ideas on how could I get the original IP and Name of the
machine requesting the script will be *very* welcome.

Look at the Via: and X-Forwarded-For: headers that are added to requests
emanating from Squid (unless configured otherwise). This is somewhat
mentioned in the FAQ. Still, a clever user logged in to the proxy machine
could fake these credentials in the HTTP headers. Assuming your proxy is
not able to be logged into by non-provileged users, others users couldn't
(short of IP spoofing or other more serious hacks).

Jason

begin 600 winmail.dat
M>)\^(B`6`0:0"``$```````!``$``0>0!@`(````Y`0```````#H``$(@`<`
M&````$E032Y-:6-R;W-O9G0@36%I;"Y.;W1E`#$(`06``P`.````S@<#`!\`
M$P`X`````@!$`0$@@`,`#@```,X'`P`?`!$`+@`=``(`50$!"8`!`"$```!&
M1D5#0CE%,CA"0SA$,3$Q.4(P.#`P,#!&.#`S-3@P,0`D!P$$@`$`&````%)%
M.B!,;V=G:6YG('1H<F]U9V@@5V5B`!<(`0V`!``"`````@`"``$#D`8`'`<`
M`"$```!``#D``)#$[PA=O0$#`#8```````,`)@``````'@!P``$````4````
M3&]G9VEN9R!T:')O=6=H(%=E8@`"`7$``0```!L````!O5SB=8>.:E-(R,`1
MT9J.`*`DHZ?'``4JG7,`'@`Q0`$````5````05535$Q!3BU!55-44$\M3UI-
M-#0``````P`:0``````>`#!``0```!4```!!55-43$%.+4%54U103RU/6DTT
M-``````#`!E```````L`!0``````"P`U```````+``8,``````L`%PP`````
M"P`"#``````"`0D0`0```,P#``#(`P``904``$Q:1G5%&2M@AP`*`0T#0W1E
M>'0!]_\"I`/D!>L"@P!0`O,&M`*#)C(#Q0(`8V@*P'-EV'0P(`<3`H!]"H`(
MSS\)V0*`"H0+-Q+"`=`@1ET#83H#,`&1$^!D!T!T1F\&``,0=F$@"%!R#Q5`
M!S`7P`,0:&];4R!-5%`Z81B30'!`;W`M8V4N!*!P\"YB<ET*HPJ`!F`",#48
M%5<)@&X'D!B0>2PT(#$3X'`%$`,@,3G`.3@@-CHQ`%`;Y1AU8FH%D!QV3&]G
M0F<+@&<@=&@#8'4\9V@<X0PP&^0;U41EAPK!`U`(D&YD<RPA/`D8,TD@$W!V
M92!S-P-P)&`:@&T+@`0`='*X871I)%(%`P0@*"$!""!B81.@9"D@<AQU;@,`
M(%$"("!M>2<*XQP1'2!T=P6P:R[]'.!H"?`D<P(@)&`D\`00OP>1((`D8`JP
M!!`H@60G<&YF)'0J\2HA;1V`)!!UOR:Q('`8T!30(&`;U6D%0`,L("!"4D5-
M3U1%X%](3U-4)W`%P"WE8$%$1%(N(N\<TFSZ;!V`=RCR)!`E0"?`&,'_`-`;
M,`01`'`GP"MW+809,#)0`V!X>1L@`B!F:9YG"'`L01O5&Z!O=Q.@\G(KXF=O
M!4`G@2HA$Z!+('`H@"`)\'9I`V!N^P>``C`@&2`'(0)@!Y$:\/\+@"5P(%(8
MT"HC,](GUC6![R10-:$Q("5@(!V`*O$%H,\(<!.@'8`$`&XG!4`ZL]A))VTQ
M$`,0;#BU+*'W+X\84C*!:0$`)J`G<AH`^P?@.U%L*M`UT1.P*A,%L&\T8`N`
M!T`D`%`R82K03NYA*T<GU@#!:`N`)&`50/YQ"E`E,"!$):8\LR:`)&#R*CIA
M>2HQ$##0!:`'@&<HP"$\(`!O:R3`0)161P<P&!!!LE@M1@6P=_\+$0F`2,(8
M$"CP&H`$D"H"_SK1"L`DLDDQ+&)#I00@*\#_`'`E82!1`U(&`$/`/R`F,/\G
M$#@A!"`T*38`*/!(\`0`Y&4I*,`@5$-0!"!/8?<D@CJS-W)I*7$JT`N`*A/H
M1D%13Q%3)7`PXADP_F,X(#IA+!(%P"RA0'!0U,<Y"D,F/_1F86LVH39S/P4`
M"8!08@=`3W%1!$A4KQI02;9/$4\@0000=23QW2!@>0AA.55/86XV`3@"/RQB
M15%3%UI2)\!9P&XM_SEA-R`X(%-"4L(BP$YD!"#G7),_Y#OR*',:```@*N+]
M08%S&O`J\"=#!<!.<R>@/P6P)&$&<0A@!"`3<&-K=G-/`"$\2B:@`B`;U7T!
M8T!``$@``)#$[PA=O0$"`?D_`0```&``````````W*=`R,!"$!JTN0@`*R_A
M@@$`````````+T\]551#+T]5/4]44T=004](42]#3CU-4R!-04E,(%)%0TE0
M245.5%,@,2]#3CU!55-43$%.+4%54U103RU/6DTT-``>`/@_`0```!$```!!
M<FUI<W1E860L($IA<V]N`````!X`.$`!````%0```$%54U1,04XM05535%!/
M+4]:330T``````(!^S\!````8`````````#<IT#(P$(0&K2Y"``K+^&"`0``
M```````O3SU55$,O3U4]3U131U!!3TA1+T-./4U3($U!24P@4D5#25!)14Y4
M4R`Q+T-./4%54U1,04XM05535%!/+4]:330T`!X`^C\!````$0```$%R;6ES
M=&5A9"P@2F%S;VX`````'@`Y0`$````5````05535$Q!3BU!55-44$\M3UI-
M-#0`````0``',##F#M?V7+T!0``(,.`1*-CV7+T!'@`]``$````%````4D4Z
M(``````>`!T.`0```!0```!,;V=G:6YG('1H<F]U9V@@5V5B``L`*0``````
M"P`C```````#``80P4*C>`,`!Q!2`P```P`0$``````#`!$0`````!X`"!`!
M````90```$923TTZ041!3%1/4TE,5D%#3U)214E!1DE,2$]33510.D%$04Q4
M3T!03U`M0T523E!"4E-%3E0Z5T5$3D531$%9+#%!4%))3#$Y.3@V.C$Q4U5"
72D5#5#I,3T='24Y'5$A23U4`````@>$=
`
end
Received on Wed Apr 01 1998 - 06:24:00 MST