Re: [DNS] Nothing like making it hard

From: Neale Banks <neale§lowendale.com.au>
Date: Tue, 19 Nov 2002 13:08:12 +1100 (EST)
On Tue, 19 Nov 2002, Lucian Daniel Kafka wrote:

> At 12:53 PM 19/11/2002 +1100, you wrote:
> 
> 
> >On Tue, 19 Nov 2002, Saints Support wrote:
> >
> > > I mean I know we all complained about the security of the .au DB and yes
> > > I had my fair share of moans.
> > >
> > > But when it comes down to it. Using a Shared Proxy server like telstra's
> > > IP Address '165.228.129.11' has been blacklisted. This will be reset in
> > > 1 hour.
> 
> Perhaps Ausregistry should do blacklist usage accounting on the 
> HTTP_X_FORWARDED_FOR IP and not the proxy REMOTE_SERVER IP.

That'd work fine till some scumbag figured out that putting in a header
with random HTTP_X_FORWARDED_FOR values allowed them to create a rather
large hole through the restrictions :-(

In other words, the HTTP_X_FORWARDED_FOR is user-supplied data - it's not
to be trusted.

Neale.
Received on Fri Oct 03 2003 - 00:00:00 UTC
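
The point made in the message above, as an added example that is not part of the original thread or any registry's code: a per-IP blacklist counter should key on the TCP peer address, and consult X-Forwarded-For only when that peer is a proxy the operator has explicitly chosen to trust. The trusted-proxy list, function names and sample requests are assumptions constructed for illustration.

```python
import ipaddress
from collections import Counter

# Assumption: proxies the operator has verified and decided to trust. The single
# entry is the shared proxy address quoted in the thread; trusting it is hypothetical.
TRUSTED_PROXIES = [ipaddress.ip_network("165.228.129.11/32")]


def _is_trusted(addr):
    return any(addr in net for net in TRUSTED_PROXIES)


def rate_limit_key(remote_addr, x_forwarded_for=None):
    """Return the IP string that blacklist/usage accounting should count against."""
    peer = ipaddress.ip_address(remote_addr)
    # Unknown peer: any X-Forwarded-For value is client-supplied, so ignore it.
    if not _is_trusted(peer) or not x_forwarded_for:
        return str(peer)
    # Trusted proxy: walk the header right to left. The right-most entry is what
    # our trusted proxy observed; anything further left came from the client.
    for hop in reversed(x_forwarded_for.split(",")):
        try:
            candidate = ipaddress.ip_address(hop.strip())
        except ValueError:
            return str(peer)  # malformed entry: fall back to the TCP peer
        if not _is_trusted(candidate):
            return str(candidate)
    return str(peer)


def count_hits(requests):
    """Tally requests per accounting key; requests are (remote_addr, xff) pairs."""
    return Counter(rate_limit_key(addr, xff) for addr, xff in requests)


# Constructed sample traffic (documentation address ranges, not real clients).
SAMPLE_REQUESTS = [
    ("203.0.113.9", "10.1.1.1"),      # direct client rotating forged headers
    ("203.0.113.9", "10.2.2.2"),
    ("203.0.113.9", "10.3.3.3"),
    ("165.228.129.11", "198.51.100.7"),            # two users behind the proxy
    ("165.228.129.11", "10.9.9.9, 198.51.100.8"),  # left-most entry is forged
]

if __name__ == "__main__":
    for key, hits in count_hits(SAMPLE_REQUESTS).items():
        print(key, hits)
```
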
