SitePoint Sponsor

User Tag List

Results 1 to 10 of 10
  1. #1
    SitePoint Addict
    Join Date
    Feb 2003
    Location
    eez
    Posts
    331
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)

    2 Questions concerning visitor's IP

    If $_SERVER['REMOTE_ADDR'] contains a non-empty string, is it the visitor's IP address for sure??

    Or can the visitor put what he/she wants in $_SERVER['REMOTE_ADDR'] ??

    Here's my script:

    PHP Code:
     if (!$_SERVER['REMOTE_ADDR']) 
    you damn hacka boy get out from your ****** proxy server 

    Is that correct???

    fanks

  2. #2
    SitePoint Evangelist
    Join Date
    Apr 2006
    Location
    Halifax, Canada
    Posts
    498
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    The user can't spoof the IP, but if they are using a proxy, the IP will be the IP of the proxy, not their own.
    Paul Butler.org
    JSSpamBlock - Reduce WordPress spam.

  3. #3
    Keep it simple, stupid! bokehman's Avatar
    Join Date
    Jul 2005
    Posts
    1,935
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Quote Originally Posted by aqw
    If $_SERVER['REMOTE_ADDR'] contains a non-empty string, is it the visitor's IP address for sure??

    Or can the visitor put what he/she wants in $_SERVER['REMOTE_ADDR'] ??
    $_SERVER['REMOTE_ADDR'] is the IP where your server sends the requested page so of course it can't be an empty string or spoofed; that doesn't mean it's the final client's IP though.

  4. #4
    SitePoint Addict
    Join Date
    Feb 2003
    Location
    eez
    Posts
    331
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    got 2 contradictory answers here... who's right?

  5. #5
    SitePoint Wizard silver trophy
    Join Date
    Mar 2006
    Posts
    6,132
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    its not contradictory.

  6. #6
    SitePoint Addict
    Join Date
    Feb 2003
    Location
    eez
    Posts
    331
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    sorry I read "it can be an empty string" instead of "it can't"...

    thank you!

  7. #7
    SitePoint Addict
    Join Date
    Feb 2003
    Location
    eez
    Posts
    331
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    What will $_SERVER['REMOTE_ADDR'] be when the user is behind a proxy server? (when $_SERVER['HTTP_X_FORWARDED_FOR'] if defined).

  8. #8
    Keep it simple, stupid! bokehman's Avatar
    Join Date
    Jul 2005
    Posts
    1,935
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    A typical example of a proxy is a DSL router. Only the IP of the router is shown to the remote server. There is no indication whatsoever to the remote server that the client is not at the IP from which the request originates.

  9. #9
    SitePoint Addict
    Join Date
    Feb 2003
    Location
    eez
    Posts
    331
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    so not even HTTP_X_FORWARDED_FOR is defined????

  10. #10
    Keep it simple, stupid! bokehman's Avatar
    Join Date
    Jul 2005
    Posts
    1,935
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Quote Originally Posted by aqw
    so not even HTTP_X_FORWARDED_FOR is defined????
    No matter how many times you ask the same question the answer will not change. That is a user defined variable and may be present in a small percentage of cases. If it is present it will not be a case of someone hiding behind a proxy but a large ISP that diverts all requests through a proxy cache.


Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •