Common methods for getting user IP addresses and their security risks (HTTP_X_FORWARDED_FOR)

Source: Internet
Author: User
Recording the user's IP address alongside the user's actions is a common and frequently used requirement in many projects, and you will usually see a generic IP-retrieval function like the following one.

The code is as follows:


// The usual getIP(): note that it prefers two request headers that the
// client can set, and only falls back to the TCP peer address last.
function getIP() {
    if (isset($_SERVER['HTTP_X_FORWARDED_FOR'])) {
        $realip = $_SERVER['HTTP_X_FORWARDED_FOR'];
    } elseif (isset($_SERVER['HTTP_CLIENT_IP'])) {
        $realip = $_SERVER['HTTP_CLIENT_IP'];
    } else {
        $realip = $_SERVER['REMOTE_ADDR'];
    }
    return $realip;
}



This is the most common way of obtaining an IP address that you will find online: the function reads a few $_SERVER values and returns the first one that is set. To see why that is a problem, we first need to understand where each of those values comes from.

IP address retrieval source

1. REMOTE_ADDR is the address of the remote peer of the TCP connection, as seen by the web server. It is the most reliable of the three values, but it only identifies the host that connected directly to the server: if the user came through a proxy, REMOTE_ADDR holds the proxy's address, not the user's.

For example, with a -> B (proxy) -> c, if c reads REMOTE_ADDR it sees only B's address and can never see a's.

On the other hand, this value is very hard to tamper with: the web server takes it straight from the TCP connection and hands it to PHP, so a client cannot change it by adding a header to the request.

2. HTTP_X_FORWARDED_FOR and HTTP_CLIENT_IP exist so that the original client address survives a chain of proxies on a large network. Neither is part of the core HTTP standard: they are extension headers (X-Forwarded-For and Client-IP) that proxies add to the request, and PHP exposes any request header as $_SERVER['HTTP_<NAME>'].

X-Forwarded-For is a comma-separated list, clientip, proxy1, proxy2, in which each proxy in the chain appends the address it received the request from. Client-IP is set by some proxies and carries a single address (a high-anonymity proxy sends neither header, which is what makes it anonymous). Because these are ordinary request headers, the server that receives them is implicitly trusting whoever sent the request to have filled them in according to the rules. The following uses X-Forwarded-For to show how the value changes in the normal case.




Analysis of Bug risks:

As shown above, these variables come from the X-Forwarded-For and Client-IP fields of the HTTP request. A well-behaved proxy passes them on according to the RFC rules. But what happens if a user constructs the X-Forwarded-For value themselves and sends it straight to the server?

Figure (1)

Step 2: modify the X-Forwarded-For value and look at the result.

Step 3: modify it again and see what happens.

Sure enough, the address we see is no longer the real one. X-Forwarded-For lets the client not only set its own address but put a value of any format at all into the field. That means a value the server reads directly, writes to the database or displays on a page can be filled with arbitrary attacker content. The risk is the same as for any other input that is not filtered or validated, with the added problem that it is easy to overlook, because the value looks like something the infrastructure generated rather than something the user typed.

Conclusion:

In the getIP function above, the IP address can therefore be forged by the client, in any format. This causes two major problems. First, if a page enforces a per-IP restriction (a rate limit, one vote per address), the other side can change the header at will and keep requesting the page. Second, if this value is used directly, it can lead to SQL injection, cross-site scripting and similar vulnerabilities. For the first, the fix belongs in the business logic: do not rely on an IP restriction as a security control. The second is a serious risk and the function must be corrected.

Modify getIP to obtain a safe getIP function. The principle is that REMOTE_ADDR is the only one of the three values the client cannot set, so the forwarded headers should only be consulted when the request is known to have arrived through a proxy we control, and even then the value must be validated as an IP address before it is stored or displayed.
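The following is an added example, not the article's own fix code. It places the article's vulnerable getIP() beside a hardened version and exercises both against constructed $_SERVER arrays that stand in for the forged request from the steps above and for a legitimate request through a reverse proxy. The proxy addresses, the $trustedProxies parameter and the sample header values are assumptions made for the example.

```php
<?php
// Added example: vulnerable getIP() from the article beside a hardened one,
// run against constructed $_SERVER arrays instead of a live request.

// The article's function, unchanged in behaviour: it returns whatever the
// client put into X-Forwarded-For or Client-IP before looking at the TCP peer.
function getIP_vulnerable(array $server): string {
    if (isset($server['HTTP_X_FORWARDED_FOR'])) {
        return $server['HTTP_X_FORWARDED_FOR'];
    } elseif (isset($server['HTTP_CLIENT_IP'])) {
        return $server['HTTP_CLIENT_IP'];
    }
    return $server['REMOTE_ADDR'];
}

// Hardened version. Assumption (not from the article): the addresses of the
// reverse proxies we operate are known and passed in as $trustedProxies.
function getIP_safe(array $server, array $trustedProxies = []): string {
    $remote = $server['REMOTE_ADDR'] ?? '';
    if (filter_var($remote, FILTER_VALIDATE_IP) === false) {
        // Cannot happen for a real TCP connection; fail closed rather than
        // return something an attacker could have influenced.
        return '0.0.0.0';
    }

    // The TCP peer is not one of our proxies, so it is the client itself and
    // every X-Forwarded-For / Client-IP header it sent is attacker-controlled.
    if (!in_array($remote, $trustedProxies, true)) {
        return $remote;
    }

    // Walk X-Forwarded-For from the right (the hop nearest to us) and skip
    // every proxy we trust; the first address we do not trust is the client.
    // Anything further left was supplied by the client and is ignored.
    $hops = array_map('trim', explode(',', $server['HTTP_X_FORWARDED_FOR'] ?? ''));
    for ($i = count($hops) - 1; $i >= 0; $i--) {
        $hop = $hops[$i];
        if (filter_var($hop, FILTER_VALIDATE_IP) === false) {
            break; // malformed entry: stop here instead of storing garbage
        }
        if (!in_array($hop, $trustedProxies, true)) {
            return $hop;
        }
    }

    // Header empty, all entries trusted, or malformed: the best we can
    // honestly report is the proxy that handed us the request.
    return $remote;
}

// Constructed request 1: client 203.0.113.7 connects directly and forges the
// header with non-IP content, as in the steps described in the article.
$forged = [
    'REMOTE_ADDR'          => '203.0.113.7',
    'HTTP_X_FORWARDED_FOR' => "127.0.0.1' OR 1=1 --",
];

// Constructed request 2: the same client comes through our proxy 10.0.0.2,
// which appended the real client address; the client also planted 1.2.3.4.
$viaProxy = [
    'REMOTE_ADDR'          => '10.0.0.2',
    'HTTP_X_FORWARDED_FOR' => '1.2.3.4, 203.0.113.7',
];

$trusted = ['10.0.0.2']; // assumed address of the proxy we operate

printf("vulnerable, forged:    %s\n", getIP_vulnerable($forged));
printf("safe, forged:          %s\n", getIP_safe($forged, $trusted));
printf("vulnerable, via proxy: %s\n", getIP_vulnerable($viaProxy));
printf("safe, via proxy:       %s\n", getIP_safe($viaProxy, $trusted));
```

Run it with php on the command line. For the forged request the vulnerable function hands back the injected string unchanged, while the hardened one ignores the header because the TCP peer is not a trusted proxy and returns the peer address. For the proxied request the vulnerable function returns the whole comma-separated list, including the planted 1.2.3.4, while the hardened one walks the list from the right, skips the trusted proxy and returns the address the proxy itself appended. Whichever address is chosen, it has passed FILTER_VALIDATE_IP, so it is safe to store in an IP column or display; any per-IP restriction built on it still only limits the address the proxy saw, which is the most the server can know.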

In practice this kind of problem is very common. I have used it myself to submit large numbers of disguised votes; because it is so easy to overlook, all you need to do is work out what values to send. Once the principle is understood, fixing such bugs is just as easy.

There are three stages in developing technical skill. First we need to get it done and solve the problem. Then we need to think about why we do it this way, what the reason is, how it works, and whether there are other methods. Keep asking yourself these questions and you will find yourself getting closer and closer to the technical truth, and more and more comfortable in your work.

Author: chengmo QQ: 8292669

