Skip to main content
J
jeff_benton
Participant
August 27, 2009
Question

spoofing a IP address in cfhttp

  • August 27, 2009
  • 1 reply
  • 1787 views

I have a application where I hit Amazon.com several times a second. Based on their rules I can only hit them 3 times a second per IP address.  So in the past what I have done is setup a COM object running on several virtual windows 2000 servers each with their own IP address and then use a Outbound IP Translator in my firewall.

We are now moving to a 100% CF solution and I have thought I saw something that said using the <cfhttpparam> tag you could spoof the IP address but doing this and sending to "http:\\whatismyipaddress.com" keeps sending back my primary address.

Does anyone have a solution for me on this as if I want to continue down a CF solution I would need to purchase server copies of CF to load on each virtual machine or use a open source CF solution but still run on the virtual machine.  All are options but not the cheapest of options.

Below is the test code i was using:

<cfhttp url="http://whatismyipaddress.com/"
    method="post"
    >

    <cfhttpparam type="header" name="host" value="192.168.2.52">

</cfhttp>

<cfdump var="#cfhttp.filecontent#">

In the above code, I am running on 192.168.2.90 but 192.168.2.52 is setup for outbound address translation so it use a public ip that is different from my main outbound ip.  But whatismyaddress.com only reports my main address.  if i go to the .52 server and run IE to whatismyipaddress.com it reports the correct one so I know the outbound translator is working just not the spoofing in CF.

thanks for your help

Jeff

This topic has been closed for replies.

1 reply

BKBK
Community Expert
BKBKCommunity Expert
Community Expert
August 31, 2009
spoofing a IP address in cfhttp [by means of]:

<cfhttp url="http://whatismyipaddress.com/" method="post">
    <cfhttpparam type="header" name="host" value="192.168.2.52">
</cfhttp>

That fails as an IP spoof for 2 reasons. First, for spoofing to work, the destination server has to respond to the source IP. However, 192.168.xxx.xxx is an internal address for your network. It means nothing to the whatismyaddress.com server, as it is outside your network. Secondly, the host header that you send in cfhttpparam is loosely equivalent to the cgi variables, http_host or server_name. Whereas, the IP header that you actually send the whatismyaddress.com server is the public version of your IP address, not 127.0.0.1,  192.168.xxx.xxx, or such.

Terms & ConditionsAccessibility statement
Using the community Terms of use Privacy Cookie preferences Do not sell or share my personal information ad choicesAdChoices