使用与HTTP_X_FORWARDED_FOR类似的方法在laravel中获取用户IP地址 [英] Get User IP address in laravel with similar method to HTTP_X_FORWARDED_FOR
问题描述
我需要获取用户的IP地址".
I need to get my users IP address'.
我找到了这篇文章如何获取客户端IP在Laravel 5.1中显示地址?
上述文章使用了 Request :: ip();
但是,此方法返回我的服务器IP地址.据我从其他来源了解到,这是在站点为localhost时发生的-但是该站点是托管的,并且位于服务器上.
However, this method returns my servers IP address. From what I can understand from other sources, this happens when the site is localhost - but the site is hosted and is live on a server.
该站点可以在线运行,但它可能引用 localhost
,因为该站点可能位于其自己的服务器上(我没有服务器配置经验,无法知道这是正确的还是不是,只是一个猜测).
This site is live and online, but it might refer to localhost
, as the site might be sitting on its own server (I dont have any experience in server config to know if this is true or not, just a guess).
当我连接到数据库主机时,我也使用 localhost
引用,而不是将 mysql.phpmyadmin.hosting.com
用作数据库主机.因此,我的猜测是, Request :: ip();
返回服务器ip,因为该站点以某种方式位于localhost.
When I connect to the DB Host, I do so using localhost
referencing as well, and not something like mysql.phpmyadmin.hosting.com
as DB Host. Therefore, my guess is, that the Request::ip();
returns the server ip, because the site somehow is sitting localhost.
但是,如果我使用$ _SERVER ['HTTP_X_FORWARDED_FOR'];我得到正确的IP地址.
However, if I use $_SERVER['HTTP_X_FORWARDED_FOR']; I get the correct IP address.
现在我的最后一个问题是:这样安全吗?还有使用Laravel函数发出此请求的另一种方法吗?
Now to my final question: Is this safe to use? Is there another way to use a Laravel function to make this request?
据我了解,$ _ SERVER ['HTTP_X_FORWARDED_FOR'];根据如何获取客户端IP地址,可能会有安全漏洞在PHP中?.
From what I can understand, the $_SERVER['HTTP_X_FORWARDED_FOR']; can have security holes, according to How to get the client IP address in PHP?.
我可以安全地使用 $ _ SERVER ['HTTP_X_FORWARDED_FOR'];
而不用担心吗?如果没有,我还能采取什么其他方式来安全地获得用户的IP地址?
Can I use $_SERVER['HTTP_X_FORWARDED_FOR'];
safely without worrying? If not, what other way could I go, to get the users IP address safely?
推荐答案
X-Forwarded-For
的风险在于用户可以自己创建标头,从而传递他们希望的任何IP
The risk with X-Forwarded-For
is that a user could create the header themselves, and thus pass along any IP they wish.
解决方案是仅在 REMOTE_ADDR
是您的受信任代理的标头时信任标头.有一个 Laravel软件包,您可以执行此限制.
The solution is to only trust the header when REMOTE_ADDR
is that of your trusted proxy. There's a Laravel package that lets you enforce this restriction.
这篇关于使用与HTTP_X_FORWARDED_FOR类似的方法在laravel中获取用户IP地址的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!