Wikipedia and X-Forward-From
Richard Clayton
ukcrypto at chiark.greenend.org.uk
Wed, 10 Dec 2008 11:57:14 +0000
In article <005f01c95ab9$e9ecf540$bdc6dfc0$@net>, James Firth
<james2@jfirth.net> writes
>Now it doesn't take a genius to spot that any Tom||Dick||Harry could spoof
>X-Forward-From HTTP header in any request (so long as the user was not then
>re-routed via censorware). Would this then cause Wikipedia to log the IP
>address in X-Forward-From rather than the true IP address?
Wikipedia only accepts XFF headers from "trusted" proxies.
A certain amount of their scrambling around on Fri/Sat was to identify
the censoring proxies and to get them added to the trusted list.
>I can't see any way that X-Forward-From has relevance in the use of
>censorware proxies in the case of Wikipedia.
I expect that when the FBI operate child sexual abuse image websites as
part of a "sting" operation, they would be very pleased to see XFF
headers (depending upon the competence of the IWF in blocking the right
parts of the website, or whether they had blocked something nearby) ...
> In fact the only vaguely
>robust way to prevent this happening is for the proxies to use the IP
>address of the originator,
there exist DPI systems that can be used in place of proxies (albeit the
extent to which they scale I would not like to say...) Someone posted
this one to the ORG list this morning
<URL:http://www.slideshare.net/flyingpotato/netclean-whitebox-by-practeo-presentation>
--
richard Richard Clayton
They that can give up essential liberty to obtain a little temporary
safety deserve neither liberty nor safety. Benjamin Franklin
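The trusted-proxy rule mentioned in the message above, sketched as an added example (not part of the original post and not Wikipedia's own code). It assumes the standard X-Forwarded-For header format; the proxy ranges and function names are constructed for illustration.

```python
import ipaddress

# Constructed trusted-proxy list (RFC 5737 documentation ranges), not a real one.
TRUSTED_PROXIES = [ipaddress.ip_network(n)
                   for n in ("192.0.2.0/28", "198.51.100.7/32")]


def is_trusted(addr, trusted=TRUSTED_PROXIES):
    """True if addr belongs to a proxy whose XFF entries we believe."""
    return any(addr in net for net in trusted)


def effective_client_ip(peer, xff, trusted=TRUSTED_PROXIES):
    """Return the address to log or block for one request.

    peer: source address of the TCP connection (a header cannot forge it).
    xff:  raw X-Forwarded-For value, or None if the header is absent.
    """
    current = ipaddress.ip_address(peer)
    if not xff:
        return str(current)
    hops = [h.strip() for h in xff.split(",")]
    # Each proxy appends the address it saw, so the rightmost entry was
    # written by the host that connected to us. Walk right to left and
    # believe an entry only if the host that wrote it is trusted.
    for hop in reversed(hops):
        if not is_trusted(current, trusted):
            break  # everything further left is client-supplied data
        try:
            current = ipaddress.ip_address(hop)
        except ValueError:
            break  # malformed entry: keep the last address we could verify
    return str(current)


if __name__ == "__main__":
    # Constructed requests: (connection source, X-Forwarded-For value).
    samples = [
        ("203.0.113.9", "10.1.1.1"),                  # direct client, forged header
        ("192.0.2.3", "203.0.113.50"),                # via a trusted proxy
        ("192.0.2.3", "1.2.3.4, 203.0.113.50"),       # forged entry, then proxy's entry
        ("198.51.100.7", "203.0.113.50, 192.0.2.3"),  # two trusted proxies chained
    ]
    for peer, xff in samples:
        print(f"{peer:15} {xff:28} -> {effective_client_ip(peer, xff)}")
```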