The Client IP address needs to be obtained in the project, and relevant information is searched on the Internet. Here I will summarize some of my usage.
For future reference.
Generally, we obtain the IP address through the following code:
String IP = system. Web. httpcontext. Current. Request. userhostaddress;
Or string IP = system. Web. httpcontext. Current. Request. servervariables ["remote_addr"];
Remote_addr description:
The IP address used to access the client.
You cannot modify this information.
If it is changed, you cannot connect to the server. The server establishes a connection with the client and communicates with the client. Actually, I tested and modified this servervariables, but it didn't work at all. The actual value is still obtained.
However, if a user uses a proxy server, the above Code obtains the IP address of the proxy server. If the user uses multiple proxy servers, the IP address of the last proxy server that reaches the server.
How can I obtain the real IP address of a user by bypassing the proxy server?
Private Static string getip ()
{
If (system. Web. httpcontext. Current. Request. servervariables ["http_via"]! =
Null)
Return System. Web. httpcontext. Current. Request. servervariables ["http_x_forwarded_for"]. Split (New
Char [] {','}) [0];
Else
Return System. Web. httpcontext. Current. Request. servervariables ["remote_addr"];
}
Request. servervariables ["http_via"], servervariables ["http_x_forwarded_for"], and request. servervariables ["remote_addr"] have the following values:
I. No proxy server is used:
Remote_addr = user's IP address
Http_via = no value or no display
Http_x_forwarded_for = no value or no display
Ii. Transparent proxy server: transparent proxies
Remote_addr = IP address of the last Proxy Server
Http_via = Proxy Server IP Address
Http_x_forwarded_for = the real IP address of the user. When multiple proxy servers are used, the value is similar to the following: 203.98.182.163, 203.98.182.163, 203.129.72.215.
This type of proxy server still forwards your information to your access object, which cannot hide your real identity.
Iii. Normal anonymous proxy server: anonymous proxies
Remote_addr = IP address of the last Proxy Server
Http_via = Proxy Server IP Address
Http_x_forwarded_for = Proxy Server IP address. When multiple proxy servers are used, this value is similar to the following: 203.98.1820.3, 203.98.1820.3, 203.129.72.215.
Your real IP address is hidden, but you are disclosed to the access object that you use the proxy server to access them.
Iv. destorting proxies
Remote_addr = Proxy Server IP Address
Http_via = Proxy Server IP Address
Http_x_forwarded_for = random IP address. When multiple proxy servers are used, the value is as follows: 203.98.182.163, 203.98.182.163, 203.129.72.215.
It tells the access object that you used the proxy server, but fabricated a false random IP address instead of your real IP address to cheat it.
So getip () is not the best, because you can make up a fake IP, the specific approach to see the http://www.cnblogs.com/kingthy/archive/2007/11/24/970783.html
Summary:
"Request. userhostaddress "is trusted. however, in this case, the real IP addresses of users who have used the proxy server cannot be obtained (because at this time, the request. userhostaddress obtains the IP address of the proxy server )..
Getip () has security risks
It depends on your choice.
References:
Http://blog.joycode.com/ghj/archive/2008/02/20/114827.aspx
Http://www.cnblogs.com/kingthy/archive/2007/11/24/970783.html