PHP 的 $_SERVER['REMOTE_ADDR'] 的可靠性 [英] Reliability of PHP'S $_SERVER['REMOTE_ADDR']

问题描述

我正在构建一个旨在从本地主机管理的站点，但包含向 Internet 或本地网络用户公开数据的页面.我可以依靠 PHP 的 $_SERVER['REMOTE_ADDR'] 作为将用户识别为本地主机的安全/可靠方式吗?谢谢！

I'm building a site that is designed to be administered from localhost, but contains pages that expose data to internet or local network users. Can I rely on PHP's $_SERVER['REMOTE_ADDR'] as a secure/reliable way of identifying the user as localhost? Thanks!

澄清一下，我只关心确定请求是否来自本地主机(也许有更好的方法).

To clarify, I am only concerned with determining whether or not the request originates from localhost (perhaps there is a better way).

推荐答案

该变量填充了 Apache(或其他 Web 服务器守护程序)提供的数据，并且在识别连接另一端的 IP 地址时应该是可靠的，是的.检查 127.x.x.x(几乎总是 127.0.0.1)和 ::1(对于 IPv6).正如 Senica 所说，它可能并不总是存在(例如，从命令行而不是通过 Web 服务器运行时).但是如果填满了，应该是靠谱的.

That variable is filled with data provided by Apache (or another web server daemon) and should be reliable in identifying the IP address on the other end of the connection, yes. Check for 127.x.x.x (almost always 127.0.0.1) and ::1 (for IPv6). As Senica says, it may not always exist (for example, when running from the command line rather than through the web server). But if it is filled, it should be reliable.

为了能够伪造它，某些人已经需要对您的网络和系统进行相当广泛的访问，而您无论如何都无法使用 PHP 进行防护.

To be able to fake it, somebody already needs pretty extensive access to your network and system in a way that you can't protect against with PHP anyway.

这篇关于PHP 的 $_SERVER['REMOTE_ADDR'] 的可靠性的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！