On Mon, 08 Nov 2004 19:37:11 +0100, Gerard Meijssen
<gerardm(a)myrealbox.com> wrote:
When it is
not feasible because the chance of doctored information from malicious
users is too great it is not possible. But 50% more accuracy when
dealing with proxies sounds good to me.
The problem is, how do we know if a given proxy is giving out accurate
information? All it takes is somebody faking the header while they
vandalise, and they can choose who to take the blame, potentially
deliberately blocking some valued user, or inflaming some
quasi-political situation...
So, the most that would be sensible would be to have a list of
"trusted proxies" from whom we took the XFF header to be a genuine
record; though, the situations in which anyone would be behind a proxy
and still have a valid IP of their own would seem to me to be rather
limited, once you've discounted those deliberately hiding their
identity...
--
Rowan Collins BSc
[IMSoP]