Re: Web access lists and http 1.1 ?

From: Duane Wessels <wessels@dont-contact.us>
Date: Wed, 27 Nov 96 21:36:05 -0800

Steve.Green@its.csiro.au writes:

>I've been looking into this "forwarded by ... for ... " header business
>with the proposed http 1.1 standard.
>
>How will web server access list security be done if clients come through
>a http 1.1 cache?
>
>We make extensive use of domain name security and IP address security on
>our web servers. I know these can be fairly easily spoofed, but it gives
>a reasonable amount of security for minimum mucking about.

The 1.1 spec does not seem to provide for this.

I am planning to add a header named "X-Forwarded-For:" which will be a
list of client IP addresses seen through the request chain. e.g., each
cache appends the IP address of the client generating the request. If
the address is unknown or not enabled in the config file, then the word
"unknown" is inserted. So it could possibly look something like

    X-Forwarded-For: 10.0.0.2, unknown, 128.138.44.1

Of course it will be Squid-specific since it's not in the HTTP 1.1 spec
(yet).

Duane W.
Received on Wed Nov 27 1996 - 21:38:51 MST
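
An added example, not part of the original message and not Squid's code: how an origin server could use the header described above in an address-based access list, believing only the entries appended by caches it operates. The function names, the `trusted_proxies` parameter and the 192.0.2.x / 203.0.113.x addresses are assumptions constructed for illustration.

```python
import ipaddress

def append_hop(header, client_ip, enabled=True):
    """One cache's step as described in the message: append the address of
    the client it received the request from, or the word "unknown"."""
    entry = client_ip if (enabled and client_ip) else "unknown"
    return f"{header}, {entry}" if header else entry

def client_for_acl(header, peer_ip, trusted_proxies):
    """Return the address an access list should test, or None to deny.

    Only entries appended by caches we operate are believable, so walk
    from the TCP peer backwards (right to left) and stop at the first
    address that is not one of our caches."""
    nets = [ipaddress.ip_network(n) for n in trusted_proxies]
    candidate = ipaddress.ip_address(peer_ip)
    entries = [e.strip() for e in header.split(",")] if header else []
    for entry in reversed(entries):
        if not any(candidate in net for net in nets):
            break  # untrusted sender: everything to the left is unverified
        try:
            candidate = ipaddress.ip_address(entry)
        except ValueError:
            return None  # "unknown" or junk from a trusted cache: fail closed
    return str(candidate)

if __name__ == "__main__":
    OUR_CACHES = ["192.0.2.0/24"]  # constructed: networks of caches we run
    # Constructed chain: client 203.0.113.7 -> cache 192.0.2.10 -> cache 192.0.2.20
    hdr = append_hop("", "203.0.113.7")
    hdr = append_hop(hdr, "192.0.2.10")
    print(hdr, "->", client_for_acl(hdr, "192.0.2.20", OUR_CACHES))
    # Same chain, but the client supplied its own "10.0.0.2" entry first
    forged = append_hop(append_hop("10.0.0.2", "203.0.113.7"), "192.0.2.10")
    print(forged, "->", client_for_acl(forged, "192.0.2.20", OUR_CACHES))
```

Entries to the left of the first address outside `trusted_proxies` are never consulted, so a value the client put in the header itself cannot satisfy the access list.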
