Running reCaptcha on a reverse proxy system
2,512 views
Skip to first unread message
pinky
Jun 20, 2008, 11:13:55 PM6/20/08
to reCAPTCHA
Hi, I'm trying to use reCaptcha for a cgi python website, but I have
run into a problem. reCaptcha requires that the client's IP address is
sent to the server when attempting to solve the captcha, which it says
is for security reasons. However, my website is behind a firewall, and
requests are forwarded to it based on the domain name through Apache's
mod_proxy module (see http://en.wikipedia.org/wiki/Reverse_proxy ).
What this means is that the client IP address seen by my website will
always be the external IP of the server that is forwarding requests to
it. Now, I suppose it will work if I simply send this IP every time to
the reCaptcha server, however, I am wondering: will this significantly
degrade security? By sending the same IP address every time, I would
assume that defeats the extra security that sending the IP adds in the
first place. Is this something to worry about or only a minor issue?
Thanks, and hopefully my question was clear,
Pinky
run into a problem. reCaptcha requires that the client's IP address is
sent to the server when attempting to solve the captcha, which it says
is for security reasons. However, my website is behind a firewall, and
requests are forwarded to it based on the domain name through Apache's
mod_proxy module (see http://en.wikipedia.org/wiki/Reverse_proxy ).
What this means is that the client IP address seen by my website will
always be the external IP of the server that is forwarding requests to
it. Now, I suppose it will work if I simply send this IP every time to
the reCaptcha server, however, I am wondering: will this significantly
degrade security? By sending the same IP address every time, I would
assume that defeats the extra security that sending the IP adds in the
first place. Is this something to worry about or only a minor issue?
Thanks, and hopefully my question was clear,
Pinky
reCAPTCHA Support
Jun 20, 2008, 11:36:28 PM6/20/08
to reca...@googlegroups.com
While reCAPTCHA works fine if the IP you return is incorrect, it is often very helpful to us. We'd appreciate if you can pass the ip through the proxy.--
reCAPTCHA: stop spam, read books
http://recaptcha.net
reCAPTCHA: stop spam, read books
http://recaptcha.net
pinky
Jun 21, 2008, 3:46:34 PM6/21/08
to reCAPTCHA
Ok, thank you. I thought that it might fail if the correct IP was not
passed. I can try to somehow get the IP information from the
forwarding server, and send that as the IP. I'll definitely look into
it. Thanks again for the quick reply.
passed. I can try to somehow get the IP information from the
forwarding server, and send that as the IP. I'll definitely look into
it. Thanks again for the quick reply.
pinky
Jul 28, 2008, 12:42:33 AM7/28/08
to reCAPTCHA
Just in case someone else reads this, the way to get the real IP
address from behind a reverse proxy is from the x-forwarded-for header
instead of the remote-addr header. i.e. to do this in Python, you
could use the code below
ip = os.environ['HTTP_X_FORWARDED_FOR']
address from behind a reverse proxy is from the x-forwarded-for header
instead of the remote-addr header. i.e. to do this in Python, you
could use the code below
ip = os.environ['HTTP_X_FORWARDED_FOR']
Reply all
Reply to author
Forward
0 new messages