Can I fool HttpRequest.Current.Request.IsLocal?

前端 未结 4 1775
-上瘾入骨i
-上瘾入骨i 2021-02-08 07:44

I\'m running a web application that displays some debugging behavior if it\'s being run locally - quotes around resource strings, etc - and I\'d like to demo the application on

相关标签:
4条回答
  • 2021-02-08 08:24

    Request.IsLocal property implements the following code :

    public bool IsLocal { 
                get {
                    String remoteAddress = UserHostAddress; 
    
                    // if unknown, assume not local
                    if (String.IsNullOrEmpty(remoteAddress))
                        return false; 
    
                    // check if localhost 
                    if (remoteAddress == "127.0.0.1" || remoteAddress == "::1") 
                        return true;
     
                    // compare with local address
                    if (remoteAddress == LocalAddress)
                        return true;
     
                    return false;
                } 
    

    Source : Decompiled source code (Microsoft : referencesource.microsoft.com )

    Hope this helps !

    0 讨论(0)
  • 2021-02-08 08:30

    That would require spoofing a non-local IP address in requests to your local instance of IIS. I think you'd probably spend less time just making a demo build than trying to make that work.

    0 讨论(0)
  • 2021-02-08 08:31

    I believe this is true, but cannot verify right now.

    IsLocal returns True when the site is bound to the loopback address 127.0.0.1.

    If you make sure in IIS that your website is bound to one of your machine's non-loopback addresses (i.e. 192.168.1.100), then IsLocal should return False.

    Cassini, by definition, is always local, since it can only bind to the loopback address.

    0 讨论(0)
  • 2021-02-08 08:41

    If your server has multiple ip addresses, you'll need some extra code. The following handles multiple ip addresses, and handles CDN like cloudflare which will have the wrong ip address in the Request.UserHostAddress property.

    Code:

    private bool IsLocal()
    {
        if (Request.IsLocal)
        {
            return true;
        }
        string forwardIP = Request.ServerVariables["HTTP_X_FORWARDED_FOR"];
        foreach (NetworkInterface netInterface in NetworkInterface.GetAllNetworkInterfaces())
        {
            IPInterfaceProperties ipProps = netInterface.GetIPProperties();
            foreach (UnicastIPAddressInformation addr in ipProps.UnicastAddresses)
            {
                string ipString = addr.Address.ToString();
                if (Request.UserHostAddress == ipString || forwardIP == ipString)
                {
                    return true;
                }
            }
        }
        return false;
    }
    
    0 讨论(0)
提交回复
热议问题