2013/03/24

Techniques for preventing IP spoofing on interactive pages



Many interactive web pages, such as online voting, online quizzes, online surveys and online sweepstakes, generally use the user's IP address as a restriction, limiting how many times users from the same IP can take part in an activity.

The web is full of popular code for obtaining the so-called real client IP. It all comes down to the same thing: checking the proxy information to obtain the so-called "real" IP. But is that IP really "real"? I do not think so; such practices look to me like cleverness that backfires.

As we all know, the web access protocol is HTTP, and in communication over this protocol almost no data is trustworthy. I say this because all data in the HTTP protocol can be forged; the only real item is the IP of the client that directly requests the page. This IP is obtained through the environment variable REMOTE_ADDR, which can be said to be the only credible address data. The other two environment variables, HTTP_CLIENT_IP and HTTP_X_FORWARDED_FOR, indicate the source IPs along the proxy path, but unfortunately these data are not reliable unless you are sure that the proxy server is reliable, and that is almost impossible.

So, on the question of how to obtain a more reliable client IP, my view is to use REMOTE_ADDR, the source IP of the direct request, because it is the only reliable data. What if we also trust the other two proxy-supplied IP values and use the "real IP" code that is so popular on the web? The result is very bad: hackers can easily forge the IP of the proxy's origin and then flood our voting results.

So, when you need to check and limit by IP, do not consider the so-called proxy IP; those values are as insubstantial as clouds and carry no reliable information. To keep IP spoofing from running rampant, you can rely only on checking the address of the direct connection.
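
The difference can be seen by running the same one-vote-per-IP limit with both lookups. This is an added example, not code from the original post: it assumes a WSGI-style `environ` dict that carries the same variable names, and the function names, the limit and the sample requests are all constructed for illustration.

```python
from collections import Counter

MAX_VOTES_PER_IP = 1  # assumed policy for this example


def popular_real_ip(environ):
    """The widespread 'real client IP' lookup: proxy headers first."""
    for key in ("HTTP_CLIENT_IP", "HTTP_X_FORWARDED_FOR"):
        value = environ.get(key, "").strip()
        if value:
            # X-Forwarded-For may hold a comma-separated chain; take the first
            return value.split(",")[0].strip()
    return environ["REMOTE_ADDR"]


def direct_ip(environ):
    """Address of the peer that opened the connection; headers are ignored."""
    return environ["REMOTE_ADDR"]


class VoteLimiter:
    """Counts accepted votes per key returned by ip_func."""

    def __init__(self, ip_func, limit=MAX_VOTES_PER_IP):
        self.ip_func = ip_func
        self.limit = limit
        self.seen = Counter()

    def accept(self, environ):
        key = self.ip_func(environ)
        if self.seen[key] >= self.limit:
            return False
        self.seen[key] += 1
        return True


def count_accepted(ip_func, requests):
    """Number of votes a fresh limiter accepts from the given requests."""
    limiter = VoteLimiter(ip_func)
    return sum(limiter.accept(env) for env in requests)


# Constructed sample: five requests from one connection address (RFC 5737
# documentation ranges), each carrying a different client-supplied header.
SAMPLE_REQUESTS = [
    {"REMOTE_ADDR": "203.0.113.7", "HTTP_X_FORWARDED_FOR": f"198.51.100.{i}"}
    for i in range(1, 6)
]

if __name__ == "__main__":
    print("popular lookup:", count_accepted(popular_real_ip, SAMPLE_REQUESTS))
    print("REMOTE_ADDR:   ", count_accepted(direct_ip, SAMPLE_REQUESTS))
```

With the header-first lookup every request counts as a new voter; keyed on REMOTE_ADDR, the same five requests yield one accepted vote.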



