发表新帖
发表新帖

Can I fool HttpRequest.Current.Request.IsLocal?

前端 未结
关注
4 1765
-上瘾入骨i
-上瘾入骨i 2021-02-08 07:44

I\'m running a web application that displays some debugging behavior if it\'s being run locally - quotes around resource strings, etc - and I\'d like to demo the application on

相关标签:
4条回答
  • [愿得一人]
    2021-02-08 08:24

    Request.IsLocal property implements the following code :

    public bool IsLocal { 
            get {
                String remoteAddress = UserHostAddress; 

                // if unknown, assume not local
                if (String.IsNullOrEmpty(remoteAddress))
                    return false; 

                // check if localhost 
                if (remoteAddress == "127.0.0.1" || remoteAddress == "::1") 
                    return true;
 
                // compare with local address
                if (remoteAddress == LocalAddress)
                    return true;
 
                return false;
            }

    Source : Decompiled source code (Microsoft : referencesource.microsoft.com )

    Hope this helps !

    0 讨论(0)
  • 臣服心动
    2021-02-08 08:30

    That would require spoofing a non-local IP address in requests to your local instance of IIS. I think you'd probably spend less time just making a demo build than trying to make that work.

    0 讨论(0)
  • 我在风中等你
    2021-02-08 08:31

    I believe this is true, but cannot verify right now.

    IsLocal returns True when the site is bound to the loopback address 127.0.0.1.

    If you make sure in IIS that your website is bound to one of your machine's non-loopback addresses (i.e. 192.168.1.100), then IsLocal should return False.

    Cassini, by definition, is always local, since it can only bind to the loopback address.

    0 讨论(0)
  • 花落未央
    2021-02-08 08:41

    If your server has multiple ip addresses, you'll need some extra code. The following handles multiple ip addresses, and handles CDN like cloudflare which will have the wrong ip address in the Request.UserHostAddress property.

    Code:

    private bool IsLocal()
{
    if (Request.IsLocal)
    {
        return true;
    }
    string forwardIP = Request.ServerVariables["HTTP_X_FORWARDED_FOR"];
    foreach (NetworkInterface netInterface in NetworkInterface.GetAllNetworkInterfaces())
    {
        IPInterfaceProperties ipProps = netInterface.GetIPProperties();
        foreach (UnicastIPAddressInformation addr in ipProps.UnicastAddresses)
        {
            string ipString = addr.Address.ToString();
            if (Request.UserHostAddress == ipString || forwardIP == ipString)
            {
                return true;
            }
        }
    }
    return false;
}
    0 讨论(0)
 看不清?
提交回复
热议问题