Usually we get the IP from the following code:
- REMOTE_ADDR Description: access the IP address of the client .
- This information cannot be modified by the user. If you really change, you can not connect with the server, the server is to follow this to establish a connection with the client and communicate. Actually I test to modify this ServerVariables, no effect at all. Still getting is the actual value.
string IP =system.web.httpcontext.current.request.userhostaddress;string IP = system.web.httpcontext.current.request.servervariables["REMOTE_ADDR"];
However, if the user uses a proxy server, the above code obtains the IP address of the proxy server, and if the user uses more than one proxy server, it is the IP address of the last proxy server that arrives at the server.
How to bypass the proxy server to get the real IP address of the user?
private static string GetIP () { if (system.web.httpcontext.current.request.servervariables["Http_via"]! = NULL) return system.web.httpcontext.current.request.servervariables["Http_x_forwarded_for"]. Split (new char[] {', '}) [0]; else return system.web.httpcontext.current.request.servervariables["REMOTE_ADDR"]; }
request.servervariables["http_via"], servervariables["http_x_forwarded_ for"],request.servervariables["remote_addr"]
The values are divided into the following situations:
One, not using the proxy server situation:
REMOTE_ADDR = User's IP
Http_via = no value or no display
Http_x_forwarded_for = no value or no display
Second, the use of transparent proxy server situation: Transparent Proxies
REMOTE_ADDR = Last Proxy server IP
Http_via = Proxy Server IP
http_x_forwarded_for = User's real IP, after multiple proxy servers, this value is similar to the following: 203.98.182.163, 203.98.182.163, 203.129.72.215.
This type of proxy server also forwards your information to your Access object, and does not achieve the purpose of hiding the true identity.
Third, the use of ordinary anonymous proxy server situation: Anonymous Proxies
REMOTE_ADDR = Last Proxy server IP
Http_via = Proxy Server IP
Http_x_forwarded_for = Proxy IP, after multiple proxies, this value resembles the following: 203.98.182.163, 203.98.182.163, 203.129.72.215.
Hides your real IP, but reveals to the Access object that you are using a proxy server to access them.
Iv. use of deceptive proxy servers: distorting Proxies
REMOTE_ADDR = Proxy Server IP
Http_via = Proxy Server IP
Http_x_forwarded_for = Random IP, after multiple proxy servers, this value is similar to the following: 203.98.182.163, 203.98.182.163, 203.129.72.215.
Tells the Access object that you used a proxy server, but fabricated a bogus random IP to spoof it instead of your real IP.
So GetIP () is not the best, because it can be fabricated a fake IP, the concrete way to see http://www.cnblogs.com/kingthy/archive/2007/11/24/970783.html
Summarize:
"Request.userhostaddress" is credible. But that would not get the real IP address of the user who used the proxy server (because at this point request.userhostaddress gets the IP of the proxy).
GetIP () also has a safety hazard.
What to do depends on your choice.
References :
Http://blog.joycode.com/ghj/archive/2008/02/20/114827.aspx
Http://www.cnblogs.com/kingthy/archive/2007/11/24/970783.html
ASP.-Get the IP address of the client