Re: How to obtain the Client's IP address , when the web server is published with ISA

From: Jim Harrison [MSFT] (jmharr_at_online.microsoft.com)
Date: 03/05/04


Date: Thu, 4 Mar 2004 17:05:18 -0800

The difference with that filter is that it doesn't cause IIS to "see" the client IP; instead, it adds a header (X-FORWARDED-FOR) to
the request so that your web app can request that header and get the information it wants.

If you only want to see the client IP as part of the TCP/IP connection data, then you have no choice but to server publish.
Server publishing in ISA2000 is completely devoid of the HTTP-smarts that come with the web proxy.

..of course, there's always ISA 2004...

-- 
 Jim Harrison [ISASE]
 Read the help, books and articles!
 This posting is provided "AS IS" with no warranties, and confers no rights.
"hibri" <hibri_mNOSPAM@yahoo.com> wrote in message news:opr39pmgbys8kdt8@msnews.microsoft.com...
Hi Jim,
thanks for your quick reply.
This is for a public website, so I don't want to use Basic or NTLM.
I need the IP to deliver custom content to a set of clients that come from
a specific ISP.
So even if the clients do use a proxy, I still will get the external IP
of the proxy,
which still serves the purpose.
From what I've found, I can't do this with web publishing, so I have to
use a server publishing rule
to publish IIS. By doing this I'm tying a single web server to the external
IP.
Are there any other disadvantages when publishing a web server using a
server publishing rule?
I found a filter that can do this at
http://www.s0nic.hostinguk.com/topic.asp?TOPIC_ID=82&FORUM_ID=21&CAT_ID=6&Forum_Title=Downloads+(Binaries)&Topic_Title=gISAPI+MS+ISA+filter
But I don't feel comfy putting this on a production server.
Are there any commercial products that can do this?
Thanks in advance
.Hibri
On Tue, 2 Mar 2004 09:33:41 -0800, Jim Harrison [MSFT]
<jmharr@online.microsoft.com> wrote:
> C-IP is not an authentication mechanism, nor is it reliable as
> identity validation.
>
> Let's forget about IP spoofing for a moment and think about what happens
> with any outbound proxy (not just ISA) - the internal
> clients (all 500 of them) appear to come from a single IP; the proxy
> external IP.
>
> Since this is the case for an increasingly large number of environments,
> you're effectively saying that any request from a
> particular IP is "valid", regardless of the actual source of that
> request.
>
> Since you appear to have control over this server app, you're better off
> to use real authentication like Basic (over SSL, of
> course), NTLM, etc.
-- 
Using M2, Opera's revolutionary e-mail client: http://www.opera.com/m2/
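
An added example, not part of the original thread or of the filter mentioned in it: how a web app behind a web-publishing proxy can read X-Forwarded-For for content selection without trusting a header that any directly connecting client could send. The proxy address, the ISP range, and the assumption that the proxy appends (or sets) the rightmost entry are constructed for illustration.

```python
import ipaddress

# Constructed values: the published proxy's internal address as seen by the
# web server, and the ISP range of interest (a documentation prefix).
TRUSTED_PROXIES = {ipaddress.ip_address("10.0.0.1")}
ISP_NETWORKS = [ipaddress.ip_network("203.0.113.0/24")]


def client_ip(peer_addr, xff_header, trusted=TRUSTED_PROXIES):
    """Return the address to treat as the client for this request.

    peer_addr  -- source address of the TCP connection (REMOTE_ADDR)
    xff_header -- raw X-Forwarded-For value, or None if absent
    """
    peer = ipaddress.ip_address(peer_addr)
    # The header is only meaningful when our own proxy delivered the request;
    # otherwise it is client-controlled text and is ignored.
    if peer not in trusted or not xff_header:
        return peer
    # Assumption: each proxy appends the address it received the request from,
    # so entries to the left of our proxy's entry are supplied by the client.
    # Walk right to left and stop at the first hop that is not one of ours.
    for hop in reversed(xff_header.split(",")):
        try:
            addr = ipaddress.ip_address(hop.strip())
        except ValueError:
            return peer  # malformed header: fall back to the connection peer
        if addr not in trusted:
            return addr
    return peer


def is_isp_client(peer_addr, xff_header):
    """True when the derived client address falls inside the ISP's ranges.

    Suitable for choosing content only; as the thread notes, a source
    address is not identity validation.
    """
    addr = client_ip(peer_addr, xff_header)
    return any(addr in net for net in ISP_NETWORKS)
```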

