Can we spoof $_SERVER['REMOTE_ADDR'] / user ip with php cURL?

前端 未结 1 1846
心在旅途
心在旅途 2021-02-09 09:13

Well the title basically says it.

But for more info . .

This method works but . .

$ip = \'1.1.1.1\';
curl_setopt($handle, CURLOPT_HTTPHEADER, ar         


        
相关标签:
1条回答
  • 2021-02-09 10:01

    No. $_SERVER['REMOTE_ADDR'] is the actual physical IP address the client used to connect to the webserver, as confirmed by a three-way TCP handshake. There's no way to fake this by setting simple HTTP headers. You also cannot make the webserver/PHP overwrite this value with something else in any way. $_SERVER['REMOTE_ADDR'] is set from TCP connection information, period.

    To actually spoof an IP address, you have to go much deeper into the actual network layer and have some level of control over network equipment/man in the middle positions/proxies/whatnot to actually be able to establish a TCP connection from an IP address other than the one you're establishing it from.

    Is there a way for countering the method OR Is there a way to get the ACTUAL REAL IP of a user?

    No. "The actual IP address of the user" is the address your webserver received the connection from, period. There is no other address for you. The client connects to your server from a certain IP, this is confirmed with a three-way TCP handshake, that's the only address you know for this client. This client may be a proxy or a NAT router (i.e. a proxy) or something else, you simply do not know and neither should it make any difference to you.

    0 讨论(0)
提交回复
热议问题