PHP / AJAX REMOTE_ADDR设置为正常的网络适配器的IP [英] php / ajax REMOTE_ADDR set to IP of bogus network adapter

问题描述

今天我来到一个跨越我的一个基于PHP应用程序的pretty的奇怪的行为。 在该系统中有一个UI制作使用的某一部分的AJAX调用，以填补名单 盒，从后端含量

today I came a across a pretty strange behaviour of an php based application of mine. In a certain part of the system there's an UI making use of AJAX-calls to fill list boxes with content from the backend.

现在，AJAX的侦听器执行所有传入的请求进行安全检查，确保 只有有效的客户端IP地址得到响应。的有效的IP存储在后端太

Now, the AJAX listener performs a security check on all incoming requests, making sure that only valid client IPs get responses. The valid IP are stored in the backend too.

要获取客户端的IP我用普通的老式

To get the client's IP I used plain old

$_SERVER['REMOTE_ADDR']

能够统计出的大部分客户。今天，我遇到了一个安装在哪里 REMOTE_ADDR载有was'nt一个其中执行的网络适配器的IP 我的应用程序的实际通信。

which works out for most of the clients. Today I ran into an installation where remote_addr contained the IP of an network adapter which was'nt that one which performed the actual communication for my application.

周围的Googling agve我在topuic ：

Googling around agve me Roshan's Blog entry on the topuic:

function getRealIpAddr()
{
    if (!empty($_SERVER['HTTP_CLIENT_IP']))   //check ip from share internet
    {
      $ip=$_SERVER['HTTP_CLIENT_IP'];
    }
    elseif (!empty($_SERVER['HTTP_X_FORWARDED_FOR']))//check ip is pass from prxy
    {
      $ip=$_SERVER['HTTP_X_FORWARDED_FOR'];
    }
    else
    {
      $ip=$_SERVER['REMOTE_ADDR'];
    }
    return $ip;
}

可悲的是问题仍然存在。

Sadly the problem persists.

有没有人曾经跌入这样的问题（其实我不认为我发现了一个完全地新问题^^），并有一个想法，我如何解决这一问题？

Did anybody ever stumble into this sort of problem (actually I don't think that I discovered a completly new issue ^^) and has an idea for me how to fix this?

编辑：

我在

• 在PHP版本5.2.9-1
• 的Apache / 2.2.9（Win32的）

的通信是通过一个普通网卡完成。现在的实际工作的客户端有几个 设备的更多。的VMnet适配器和这样的。

The communication is done via a regular LAN card. Now the actuall client has several devices more. VMNet adapters and such.

我不知道如何在客户端配置可以干扰的Web服务器那么多......

I'm wondering how a client configuration can 'disturb' a web server that much...

TIA

K

推荐答案

不幸的是，你必须采取所有的IP信息与一粒盐。

Unfortunately, you have to take all IP information with a grain of salt.

的IP地址通过取分组中的请求期间收集和请求信息考虑在内。不幸的是，这些信息可以很容易伪造或甚至是不正确的（基于大量的网络的概率），不应被用于除梳妆台目的什么了。

IP addresses are gathered during the request by taking the packet and request information into account. Sadly, this information can easily be spoofed or even be incorrect (based on a large number of network probabilities) and should not be used for anything more than vanity purposes.

这篇关于PHP / AJAX REMOTE_ADDR设置为正常的网络适配器的IP的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！