php / ajax REMOTE_ADDR set to IP of bogus network adapter
Problem description
Today I came across a pretty strange behaviour of a PHP-based application of mine. In a certain part of the system there's a UI making use of AJAX calls to fill list boxes with content from the backend.
Now, the AJAX listener performs a security check on all incoming requests, making sure that only valid client IPs get responses. The valid IPs are stored in the backend too.
To get the client's IP I used plain old
$_SERVER['REMOTE_ADDR']
which works out for most of the clients. Today I ran into an installation where remote_addr contained the IP of a network adapter which wasn't the one which performed the actual communication for my application.
Googling around gave me Roshan's Blog entry on the topic:
// Returns the client IP, preferring proxy-related request headers over REMOTE_ADDR
function getRealIpAddr()
{
    if (!empty($_SERVER['HTTP_CLIENT_IP'])) // check IP from a shared internet connection
    {
        $ip = $_SERVER['HTTP_CLIENT_IP'];
    }
    elseif (!empty($_SERVER['HTTP_X_FORWARDED_FOR'])) // check whether the IP was passed on by a proxy
    {
        $ip = $_SERVER['HTTP_X_FORWARDED_FOR'];
    }
    else
    {
        $ip = $_SERVER['REMOTE_ADDR'];
    }
    return $ip;
}
Sadly the problem persists.
Did anybody ever stumble into this sort of problem (actually I don't think that I discovered a completely new issue ^^) and has an idea for me how to fix this?
Edit:
I'm on
- PHP version 5.2.9-1
- Apache/2.2.9 (Win32)
The communication is done via a regular LAN card. Now the actual client has several devices more. VMNet adapters and such.
I'm wondering how a client configuration can 'disturb' a web server that much...
TIA
K
Recommended answer
Unfortunately, you have to take all IP information with a grain of salt.
IP addresses are gathered during the request by taking the packet and request information into account. Sadly, this information can easily be spoofed or even be incorrect (based on a large number of network probabilities) and should not be used for anything more than vanity purposes.
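
Added example (not part of the original question or answer, and not code from the blog post quoted in the question): HTTP_CLIENT_IP and HTTP_X_FORWARDED_FOR are request headers that any client can set, so an allowlist check built on getRealIpAddr() accepts whatever address the caller claims. The code below keeps REMOTE_ADDR as the basis and reads X-Forwarded-For only when the direct peer is a known reverse proxy; the function names, $trustedProxies, $allowedClients and all addresses are constructed for illustration.

```php
<?php
// Added example; addresses and lists are constructed sample values.
// Canonical text form of an IP, or null if the value is not an IP address.
function normalizeIp($ip)
{
    $valid = is_string($ip) && filter_var($ip, FILTER_VALIDATE_IP) !== false;
    return $valid ? inet_ntop(inet_pton($ip)) : null; // one spelling per address
}

// Address to use for the allowlist decision. X-Forwarded-For is read only
// when the direct peer (REMOTE_ADDR) is one of our own reverse proxies.
function resolveClientIp(array $server, array $trustedProxies)
{
    $peer = normalizeIp(isset($server['REMOTE_ADDR']) ? $server['REMOTE_ADDR'] : null);
    if ($peer === null || !in_array($peer, $trustedProxies, true)
        || empty($server['HTTP_X_FORWARDED_FOR'])) {
        return $peer; // direct client: header values are ignored
    }
    // Each proxy appends the address it saw, so walk the chain right to left.
    foreach (array_reverse(explode(',', $server['HTTP_X_FORWARDED_FOR'])) as $hop) {
        $hop = normalizeIp(trim($hop));
        if ($hop === null) {
            return null; // malformed chain: fail closed
        }
        if (!in_array($hop, $trustedProxies, true)) {
            return $hop; // first address not written by our own proxies
        }
    }
    return $peer;
}

function isAllowedClient(array $server, array $trustedProxies, array $allowedClients)
{
    $ip = resolveClientIp($server, $trustedProxies);
    return $ip !== null && in_array($ip, $allowedClients, true);
}

$trustedProxies = ['192.0.2.10'];   // constructed: our reverse proxy
$allowedClients = ['198.51.100.7']; // constructed: allowlist from the backend
$requests = [
    'direct, allowed'         => ['REMOTE_ADDR' => '198.51.100.7'],
    'direct, forged header'   => ['REMOTE_ADDR' => '203.0.113.50', 'HTTP_X_FORWARDED_FOR' => '198.51.100.7'],
    'via proxy, allowed'      => ['REMOTE_ADDR' => '192.0.2.10', 'HTTP_X_FORWARDED_FOR' => '198.51.100.7'],
    'via proxy, forged entry' => ['REMOTE_ADDR' => '192.0.2.10', 'HTTP_X_FORWARDED_FOR' => '198.51.100.7, 203.0.113.50'],
];
foreach ($requests as $label => $server) {
    printf("%-24s %s\n", $label, isAllowedClient($server, $trustedProxies, $allowedClients) ? 'allow' : 'deny');
}
```

With an empty $trustedProxies list the function reduces to a plain REMOTE_ADDR check; the list should contain only proxy addresses you operate yourself.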