 

Can $_SERVER['REMOTE_ADDR'] be trusted?

Tags: php, ip

I have a website where only a couple of people can access it, so the number of IPs logged in is very limited. Everything submitted by the 'admins' logged in is sent to a specific folder dependent on their IP address. Again, they can't access the website through a proxy or anything because there's a limited range of IPs that is allowed.

Can I trust $_SERVER['REMOTE_ADDR'] to give a valid IP so the log system would be 100% stable and efficient?

asked Apr 29 '11 17:04

ProgrammingEnthusiast


People also ask

Is Remote_addr secure?

Yes, it's safe. It is the source IP of the TCP connection and can't be substituted by changing an HTTP header.

What is $_SERVER['REMOTE_ADDR']?

$_SERVER['REMOTE_ADDR'] returns the IP address from where the user is viewing the current page.

What is Remote_addr?

Returns the IP address of the remote host making the request. This variable is specific to the current gateway program request.


2 Answers

$_SERVER['REMOTE_ADDR'] cannot be modified by the user or via HTTP so you CAN trust it.

answered Oct 13 '22 01:10

Jesse Bunch


It's a basic rule that you should not trust the authenticity of a remote machine's apparent IP address for anything where forgery within the network could cause you real problems.

Secure systems authenticate not only the client to the server, but also the server to the client (to protect against impersonating the server to phish login credentials), typically using asymmetric cryptography.

answered Oct 12 '22 23:10

Chris Stratton
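
The setup described in the question (a limited range of allowed IPs, one folder per admin address), as an added example that is not code from the original thread or its participants: it checks only `$_SERVER['REMOTE_ADDR']` against an allow-list and derives the folder name from the packed address, so a forwarded-for header sent by the client has no effect. The function names `ipInCidr` and `uploadDirForPeer`, the address ranges and the base path are assumptions made for illustration.

```php
<?php
// Added example: gate on the TCP peer address, never on client-supplied headers.
/** True if $ip lies inside $cidr (IPv4 or IPv6), e.g. "203.0.113.16/28". */
function ipInCidr(string $ip, string $cidr): bool
{
    [$net, $bits] = array_pad(explode('/', $cidr, 2), 2, null);
    $ipBin  = @inet_pton($ip);
    $netBin = @inet_pton($net);
    if ($ipBin === false || $netBin === false || strlen($ipBin) !== strlen($netBin)) {
        return false; // unparsable input, or IPv4 compared against IPv6
    }
    $max  = strlen($ipBin) * 8;
    $bits = $bits ?? (string) $max; // no prefix length means exact match
    if (!ctype_digit($bits) || (int) $bits > $max) {
        return false;
    }
    $bits = (int) $bits;
    $full = intdiv($bits, 8);
    if (substr($ipBin, 0, $full) !== substr($netBin, 0, $full)) {
        return false;
    }
    $rem = $bits % 8;
    if ($rem === 0) {
        return true;
    }
    $mask = (0xFF << (8 - $rem)) & 0xFF; // compare the leftover high bits only
    return (ord($ipBin[$full]) & $mask) === (ord($netBin[$full]) & $mask);
}

/** Per-admin directory for an allow-listed peer, or null if the peer is rejected. */
function uploadDirForPeer(array $server, array $allowedCidrs, string $baseDir): ?string
{
    $peer = $server['REMOTE_ADDR'] ?? ''; // X-Forwarded-For and similar are ignored
    foreach ($allowedCidrs as $cidr) {
        if (ipInCidr($peer, $cidr)) {
            // Hex of the packed address: fixed charset, no '.', ':' or '/' in the path
            return rtrim($baseDir, '/') . '/' . bin2hex(inet_pton($peer));
        }
    }
    return null;
}

// Constructed sample requests (documentation address ranges, hypothetical base path).
$allowed = ['203.0.113.16/28', '2001:db8:10::/48'];
foreach (['203.0.113.20', '198.51.100.7', '2001:db8:10:5::1'] as $addr) {
    $req = ['REMOTE_ADDR' => $addr, 'HTTP_X_FORWARDED_FOR' => '203.0.113.20'];
    echo $addr, ' => ', uploadDirForPeer($req, $allowed, '/var/app/submissions') ?? 'rejected', PHP_EOL;
}
```

If the application sits behind a reverse proxy or load balancer, `REMOTE_ADDR` is that proxy's address rather than the admin's, so the allow-list has to be enforced at the proxy instead.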