I don't think I do anything sophisticated like X-forwarder-for. I just have a ProxyPass directive in the apache configuration teeling it to reverse proxy a directory to google ProxyPass /googlebooks http://books.google.com/books But what if Google did something with a X-forwarded-for header? It can not see where the actual user is located. Behind a NAT usually 10.0.0.0 adresses are used. In fact it is trivial what Ip adresses are used behind the NAT. Since they are not exposed to the outside world it is only relevant if they are unique within the network behind the NAT. Anyway, since we only hit google books form the server when a user asks for display of a full record, I hardly expect that will cause the Google triggers. I suspect that the few thousand PC's within the university campus hitting Google cause the problem, which especially Google books reacts upon. (I can still search Google when Google books rejects accces from my IP adress.) I'll keep you informed. Peter Drs. P.J.C. van Boheemen Hoofd Applicatieontwikkeling en beheer - Bibliotheek Wageningen UR Head of Application Development and Management - Wageningen University and Research Library tel. +31 317 48 25 17 http://library.wur.nl <http://library.wur.nl/> P Please consider the environment before printing this e-mail ________________________________ Van: Code for Libraries namens Jonathan Rochkind Verzonden: di 18-3-2008 18:48 Aan: [log in to unmask] Onderwerp: Re: [CODE4LIB] Restricted access fo free covers from Google :) Nice. X-Forwarded-For would also allow google to deliver availability information suitable for the actual location of the end-user. If their software chooses to pay attention to this. Which is the objection to server-side API requests voiced to me by a Google person. (By proxying everything through the server, you are essentially doing what I wanted to do in the first place but Google told me they would not allow. Ironic if you have more luck with that then the actual client-side AJAXy requests that Google said they required!) Thanks for alerting us to X-forwarded-for, that's a good idea. Jonathan Joe Hourcle wrote: > On Tue, 18 Mar 2008, Jonathan Rochkind wrote: > >> Wait, now ALL of your clients calls are coming from one single IP? >> Surely that will trigger Googles detectors, if the NAT did. Keep us >> updated though. > > I don't know what Peter's exact implementation is, but they might relax > the limits when they see an 'X-Forwarded-For' header, or something > else to > suggest it's coming through a proxy. It used to be pretty common when > writing rate limiting code to use X-Forwarded-For in place of > HTTP_ADDR so > you didn't accidentally ban groups behind proxies. (of course, I don't > know if the X-Forwarded-For value is something that's not routable (in > 10/8), or the NAT IP, so it might still look like 1 IP address behind a > proxy) > > Also, by using a caching proxy (if the responses are cachable), the total > number of requests going to Google might be reduced. > > I would assume they'd need to have some consideration for proxies, as I > remember the days when AOL's proxy servers channeled all requests through > less than a dozen unique IP addresses. (or at least, those were the only > ones hitting my servers) > > -Joe > -- Jonathan Rochkind Digital Services Software Engineer The Sheridan Libraries Johns Hopkins University 410.516.8886 rochkind (at) jhu.edu