Menu
Is it safe to assume that $_SERVER['REMOTE_ADDR'] always returns a IPv4 address?
Thanks!
715
The REMOTE_ADDR key is set by the web server, not PHP. If the web server listens on v6 and the user connects that way, it'll be a v6 address
64
I have seen a bad IP address reported to php in REMOTE_ADDR from Apache 2.
It was '183.60..244.37'.
So the answer to your question, "Is it safe to assume...", I think is definitely no, REMOTE_ADDR can not be trusted.
As far as I know it is reported to PHP from the server, in my case Apache. Why it was bad I am still trying to figure out. I do know this. It came in as part of a batch of attack requests. Sometimes it was 183.60.244.37 and sometimes it was 183.60..244.37.
See also this.
20
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
