Re: Web App needs information about original client's IP

From: gzgirski (gzgirski_at_discussions.microsoft.com)
Date: 01/28/05 

Date: Fri, 28 Jan 2005 11:13:02 -0800

"Phillip Windell" wrote:

> It still isn't going to work that way in the enviroment you describe. "Real
> life" is already proving what we are trying to tell you,...that is how you
> ended up asking the question in the first place. Even if it "could" work it
> still isn't going to be allowed to work because it would be a rediculas
> security risk to design a proxy to provide a way to have client machines
> "blabing" their own private IP# out the Internet Webservers where it is
> recorded into the server's logs. One of the primary purposes of a proxy is
> to hide the client's identity (IP#) from the outside world and what you want
> totally reverses that.
>
Yhhh… I don’t want to proxy server to “blab” anything to every web server.
Just to one of them. You’re absolutely right, that this option could be a
security risk, but I don’t want to make it default. Conscious administrator
could use it when hi needs. As you can see, solution I talking about exists
in squid proxy server so I hoped ISA can do this too.

But there is nothing to talk about anymore, because ISA can’t do this. I
know… It’s not a “fault”. It’s made by design.

I will try to solve this in other way. Routing maybe or some kind of program
(activeX for clients computer, ISAPI plug-in).

Thanks for interesting discussion, Phillip. I appreciate it.

Gabriel

Relevant Pages

  • Re: AAAAAHHHH! ISA is making me crazy
    ... and that "a proxy server approach would be a step backwards" ... and it they are afraid it might break some of their apps...blah blah ... through ISA first. ... Phillip Windell ...
    (microsoft.public.isa)
  • Re: Filtering Websites
    ... can create such filters for it, better ask that on appropriated forums like ... We're running Windows SBS Server ... > about 8 client machines hooked up on a domain. ... > had a vague reference to using Proxy Server for just this purpose! ...
    (microsoft.public.win32.programmer.networks)
  • Re: Disabling Internet Access
    ... > still allowing them to use the internal network ... Most of my client machines are currently ... I think the most secure way is to use a firewall [or proxy server, squid, ... Free and not-free firewalls are listed at: ...
    (microsoft.public.win2000.security)
  • Re: Filtering Websites
    ... Microsoft's Proxy Server has long since been superseded ... Microsoft ex-MVP, MCSD ... We're running Windows SBS Server ... > about 8 client machines hooked up on a domain. ...
    (microsoft.public.win32.programmer.networks)