Obtain the Client IP address. Is HTTP_CLIENT_IP a scam?

Source: Internet
Author: User
To obtain the client IP address, a lot of code takes the value of HTTP_CLIENT_IP first, then HTTP_X_FORWARDED_FOR, and finally REMOTE_ADDR.
For a discussion of this, see http://www.douban.com/group/topic/27482290/.
Obtain the Client IP address and verify the IP address code.

The following is a summary of the answer.
1. HTTP_CLIENT_IP: this header exists, but not all servers implement it.
2. HTTP_X_FORWARDED_FOR: there is a standard definition for it; it identifies the IP address of a client that connects through an HTTP proxy. Format: clientip,proxy1,proxy2. For more information, see http://zh.wikipedia.org/wiki/X-Forwarded-For.
3. REMOTE_ADDR: it's reliable. It is the IP of the last host to complete the handshake with your server. It may be your proxy server or your own reverse proxy.
About forgery: HTTP_* headers are easy to forge. For example, if a Firefox plug-in is used to forge x-forwarded_for with the IP address 8.8.8.8, and the cookies are then cleared before accessing http://www.58.com, the site will think you are 8.8.8.8. Reference: another question about forged IP addresses on sf.
A good piece of code for retrieving the IP address:

function get_client_ip() {
    foreach (array('HTTP_CLIENT_IP', 'HTTP_X_FORWARDED_FOR', 'HTTP_X_FORWARDED', 'HTTP_X_CLUSTER_CLIENT_IP', 'HTTP_FORWARDED_FOR', 'HTTP_FORWARDED', 'REMOTE_ADDR') as $key) {
        if (array_key_exists($key, $_SERVER)) {
            // A header may carry a comma-separated list: clientip,proxy1,proxy2
            foreach (explode(',', $_SERVER[$key]) as $ip) {
                $ip = trim($ip);
                // Filters out IP addresses in the reserved and private ranges; for example, 127.0.0.1 is filtered out.
                // You could also change this to regular-expression-based IP validation.
                if ((bool) filter_var($ip, FILTER_VALIDATE_IP, FILTER_FLAG_IPV4 | FILTER_FLAG_NO_PRIV_RANGE | FILTER_FLAG_NO_RES_RANGE)) {
                    return $ip;
                }
            }
        }
    }
    return null;
}

For more information, see @joyqi. In some cases, you can only obtain REMOTE_ADDR (PS: generally, this is not the case).

Reply content:

REMOTE_ADDR cannot be explicitly forged. Although an IP address can be hidden behind a proxy, this address still has reference value because it is the IP address that actually connected to your server.

In contrast, the first two values can both be forged through HTTP headers, but that does not mean they are useless. In production environments, many servers are hidden behind a Server Load Balancer node. From REMOTE_ADDR, only the IP address of the Server Load Balancer node can be obtained. HTTP_CLIENT_IP or HTTP_X_FORWARDED_FOR: these two HTTP headers are passed

Reading this value on the backend is trustworthy, because it is what the Server Load Balancer node tells you, not the client. However, when your server is directly exposed to clients, do not trust these two values. You only need to read REMOTE_ADDR; that's all.
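
The rule in the answer above, written out as an added example (not code from the original page or its authors). It goes slightly further than the answer by walking X-Forwarded-For from the right, so a value the client placed at the front of the list is ignored. The function name, the TRUSTED_PROXIES list and all sample addresses are assumptions made for illustration, and the proxy is assumed to append the address it received the connection from.

```php
<?php
// Added example. TRUSTED_PROXIES holds constructed sample addresses; replace
// them with the addresses of your own load balancer / reverse proxy nodes.
const TRUSTED_PROXIES = ['10.0.0.5', '10.0.0.6'];

/**
 * Return the client IP for a request described by $server (shaped like $_SERVER).
 * Hypothetical helper, not part of PHP or of any framework.
 */
function trusted_client_ip(array $server, array $trustedProxies = TRUSTED_PROXIES): ?string
{
    $remote = $server['REMOTE_ADDR'] ?? null;
    if ($remote === null || filter_var($remote, FILTER_VALIDATE_IP) === false) {
        return null;
    }
    // Directly exposed to the client: the peer address is the only trustworthy value.
    if (!in_array($remote, $trustedProxies, true)) {
        return $remote;
    }
    // The peer is our own proxy, so the last entries of the header were written by it.
    // Format: clientip,proxy1,proxy2. Walk from the right, because entries further
    // left were supplied by the client and may be forged.
    $hops = array_map('trim', explode(',', $server['HTTP_X_FORWARDED_FOR'] ?? ''));
    foreach (array_reverse($hops) as $hop) {
        if (filter_var($hop, FILTER_VALIDATE_IP) === false) {
            break; // missing or malformed entry: fall back to the peer address
        }
        if (!in_array($hop, $trustedProxies, true)) {
            return $hop; // first address that is not part of our own infrastructure
        }
    }
    return $remote;
}

// Constructed sample requests (documentation-range addresses plus the page's 8.8.8.8).
$samples = [
    'direct, forged header' => ['REMOTE_ADDR' => '203.0.113.9', 'HTTP_X_FORWARDED_FOR' => '8.8.8.8'],
    'via load balancer'     => ['REMOTE_ADDR' => '10.0.0.5', 'HTTP_X_FORWARDED_FOR' => '198.51.100.7'],
    'via LB, forged prefix' => ['REMOTE_ADDR' => '10.0.0.5', 'HTTP_X_FORWARDED_FOR' => '8.8.8.8, 198.51.100.7'],
];
foreach ($samples as $label => $server) {
    printf("%-22s => %s\n", $label, trusted_client_ip($server));
}
```

In the first and third samples the forged 8.8.8.8 is never returned: the direct request resolves to its peer address, and the proxied one resolves to the address appended by the load balancer.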
