https://www.webmaster-forums.net/crss/node/1028973 en https://www.webmaster-forums.net/server-management/how-protect-proxy-server-lawbreakers#comment-1170016 <blockquote class="bb-quote-body"><p><strong>mairving wrote:</strong> Is this an anonymous proxy?</p></blockquote> <p>May be my first answer was not very accurate.<br /> So, technically speaking, my proxy server is not anonymous for HTTP protocol. The proxy transfers HTTP_X_FORWARDED_FOR http header to a web server when a user connects to the web server through the proxy. The HTTP_X_FORWARDED_FOR contains the IP address of the user. Thus my proxy server is not anonymous by definition for HTTP protocol. The problem is that usually web servers don't log HTTP_X_FORWARDED_FOR header. I think the HTTP_X_FORWARDED_FOR header may scare away some hackers since proxy checkers like <a href="http://www.all-nettools.com/toolbox" class="bb-url">http://www.all-nettools.com/toolbox</a> show real user's IP address when he uses my proxy, but that is not 100% protection because:<br /> 1) Some web servers (I think even most of them) don't log HTTP_X_FORWARDED_FOR.<br /> 2) HTTP_X_FORWARDED_FOR does not work for any other protocols. (Of course HTTP is probably most dangerous protocol for me).</p> Sun, 24 Apr 2005 01:43:31 +0000 Mark_W comment 1170016 at https://www.webmaster-forums.net https://www.webmaster-forums.net/server-management/how-protect-proxy-server-lawbreakers#comment-1169989 <blockquote class="bb-quote-body"><p><strong>mairving wrote:</strong> Is this an anonymous proxy? </p></blockquote> <p>At present the proxy does not require authentication. I plan to add authentication in future. The users can use the proxy only with proprietary client software since the proxy is a non-standard proprietary proxy server and uses a non-standard protocol. When they install the client software they agree with my license agreement.<br /> Thus I have some control over the users but I don't know how it can provide 100% protection for me since anyone can download and install the client software.</p> <blockquote class="bb-quote-body"><p>Quote: You would probably have some liability if you failed to disclose information to the authorities. </p></blockquote> <p>It is a very interesting question how to avoid failing to disclose information to the authorities?</p> <blockquote class="bb-quote-body"><p>Quote: It it isn't anonymous, then you should have some kind of AUP that they sign off on when they sign up similar to the ones that many hosts use. </p></blockquote> <p>As I told the users must agree with electronic license agreement to be able to install the client software, but as far as know the agreement may only help when the users have any complaints against me and the agreement may not help when anyone has attacked a server from my IP address.</p> Sat, 23 Apr 2005 14:36:14 +0000 Mark_W comment 1169989 at https://www.webmaster-forums.net https://www.webmaster-forums.net/server-management/how-protect-proxy-server-lawbreakers#comment-1169956 <p>Is this an anonymous proxy?<br /> If it is then there would be no way to control the way that someone uses it. You would probably have some liability if you failed to disclose information to the authorities.</p> <p>It it isn't anonymous, then you should have some kind of AUP that they sign off on when they sign up similar to the ones that many hosts use. </p> <p>Personal opinion is that an anonymous proxy while it's purpose might be intended for good, is a bad idea. Just too much potential for misuse out there.</p> Sat, 23 Apr 2005 02:55:31 +0000 mairving comment 1169956 at https://www.webmaster-forums.net