获取客户端 IP 地址:REMOTE_ADDR、HTTP_X_FORWARDED_FOR，还有什么有用的? [英] Getting the client IP address: REMOTE_ADDR, HTTP_X_FORWARDED_FOR, what else could be useful?

问题描述

我知道查看这两个变量是一种标准做法.当然，它们很容易被欺骗.我很好奇您多久能期望这些值(尤其是 HTTP_X_FORWARDED_FOR)包含真实信息而不只是被打乱或被剥夺它们的值?

I understand it's a standard practice to look at both these variables. Of course they can easily be spoofed. I'm curious how often can you expect these values (especially the HTTP_X_FORWARDED_FOR) to contain genuine information and not just be scrambled or have their values stripped away?

任何有这方面经验或统计数据的人?

Anyone with the experience or statistics on this stuff?

还有什么可以对获取客户端 IP 地址的任务有用的吗?

Is there anything else that can be useful for the task of getting the client's IP address?

推荐答案

这取决于您网站的性质.

It depends on the nature of your site.

我碰巧开发了一些 IP 跟踪很重要的软件，并且在合作伙伴站点使用的字段中，我猜大约 20% - 40% 的请求要么是可检测的欺骗 IP，要么标头被屏蔽，具体取决于一天中的时间和他们来自哪里.对于获得自然流量(即不是通过合作伙伴)的网站，我预计良好 IP 的比例会高得多.

I happen to work on a bit of software where IP tracking is important, and within a field consumed by parter sites I'd guess some 20% - 40% of requests are either detectably spoofed IPs or headers blanked out, depending on the time of day and where they came from. For a site which gets organic traffic (i.e. not through partners) I'd expect a much higher ratio of good IPs.

正如 Kosi 所说，要小心你在做什么 - IP 绝不是识别唯一访问者的可靠方法.

As Kosi said, be careful what you're doing with this - IPs are in no way a reliable way to identify unique visitors.

这篇关于获取客户端 IP 地址:REMOTE_ADDR、HTTP_X_FORWARDED_FOR，还有什么有用的?的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！