Newbie question: PERL proxies...

M

mrmike

I am in the design stages of developing a website that will allow a
user to log into my site, the site internally would log into a third
party site using something like LWP::UserAgent or WWW::Mechanize,
parse the HTML data and return it to the users browser using my
formatting (trust me, not trying to do anything illegal). The problem
is that I want to more or less spoof the user's IP address and send it
along to the third party server rather than use my own. I'm sure by
now this sounds bad, but really the whole concept is due to the fact
that the user(s) IP addresses are part of the security mechanism. Boy,
I'm really digging myself a hole here, aren't I? Ok, you get the
point. Again, nothing illegal. How might I do this in PERL? Perhaps
some kind of proxy?
 
J

Juha Laiho

(e-mail address removed) (mrmike) said:
I am in the design stages of developing a website that will allow a
user to log into my site, the site internally would log into a third
party site [...]
The problem is that I want to more or less spoof the user's IP address
and send it along to the third party server rather than use my own.

For the first, you can't hide your own IP -- because anyway it'll be
your IP that will be connecting to the third site, and you need to
have the return packets routed through your site.

Also, there's a reason that the IP primarily is retrieved from the
connection data (which you cannot alter if you wish to see the
return packets).

If you can agree with the third-party site(s) in question, you can
of course build some scheme of your own to transmit the end-user
IP addresses (but this of course requires that the admins of the
third-party site(s) trust you). One such scheme would be to agree
upon a specific X-... header that your site inserts to the requests
and the backend sites inspect and honor _if_ the request is coming
from your IP. Without the collaboration of admins of the third-party
sites this is not doable.
 
I

Ian Wilson

Juha said:
(e-mail address removed) (mrmike) said:
I am in the design stages of developing a website that will allow a
user to log into my site, the site internally would log into a third
party site [...]

Looks like a proxy to me.

I wonder why?
For the first, you can't hide your own IP -- because anyway it'll be
your IP that will be connecting to the third site, and you need to
have the return packets routed through your site.

Also, there's a reason that the IP primarily is retrieved from the
connection data (which you cannot alter if you wish to see the
return packets).

If you can agree with the third-party site(s) in question, you can
of course build some scheme of your own to transmit the end-user
IP addresses (but this of course requires that the admins of the
third-party site(s) trust you). One such scheme would be to agree
upon a specific X-... header that your site inserts to the requests
and the backend sites inspect and honor _if_ the request is coming
from your IP. Without the collaboration of admins of the third-party
sites this is not doable.

Proxies such as squid add headers like this:

HTTP_VIA eve.cross-site.com (m_i_m_a.pl/0.1)
HTTP_X_FORWARDED_FOR 192.168.221.197
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Members online

Forum statistics

Threads
473,744
Messages
2,569,480
Members
44,900
Latest member
Nell636132

Latest Threads

Top