Re: SSL Troubleshotting
Re: SSL Troubleshotting
- Subject: Re: SSL Troubleshotting
- From: Patrick Middleton <email@hidden>
- Date: Thu, 5 Feb 2009 10:41:22 +0000
Without even looking, I'd guess that ERXRequest.remoteHostAddress()
is looking for an HTTP header REMOTE_ADDR (this is not really an HTTP
header, it's a CGI environment variable, but WebObjects presents it
as a header).
I have under some circumstances that I can't remember found that
sometimes REMOTE_ADDR was not the right thing to look for; with the
systems I have to hand running Apache 1.3.41 and Apache 2.2.6 on
10.5.x, REMOTE_ADDR.
If possible, enable /cgi-bin/printenv on the server where this is a
problem and make an HTTPS call to discover the name of the CGI
environment variable containing the address for which you are
looking; then, in your code, if ERXRequest.remoteHostAddress()
returns "127.0.0.1", use the API for getting at HTTP headers to look
for that name instead.
On 5 Feb 2009, at 10:11, Amedeo Mantica wrote:
No one know anything about??
:-(
On 04/feb/09, at 12:49, Amedeo Mantica wrote:
Hi,
To prevent session hijacking i generally use the sender ip
verification ( ERXRequest.remoteHostAddress() ) and works fine for
http requests, but when we ae il SSL mode, WebObjects see all
requests coming from 127.0.0.1 (and tecnically is right)
Now how to get the real ip address of the client ?
Regards
Amedeo
---
Regards Patrick
OneStep Solutions LLP
www.onestep.co.uk
_______________________________________________
Do not post admin requests to the list. They will be ignored.
Webobjects-dev mailing list (email@hidden)
Help/Unsubscribe/Update your Subscription:
This email sent to email@hidden