Use the following code to prevent ip spoofing to obtain the client IP address: if (getenv (HTTP_CLIENT_IP) & amp; strcasecmp (getenv (HTTP_CLIENT_IP), unknown) {& nbsp; $ onlineipgetenv (HTTP_CLIENT_IP);} elseif (getenv if it prevents ip spoofing
Run the following code to obtain the client IP address:
If (getenv ('http _ CLIENT_IP ') & strcasecmp (getenv ('http _ CLIENT_IP'), 'Unknown ')){
$ Onlineip = getenv ('http _ CLIENT_IP ');
} Elseif (getenv ('http _ X_FORWARDED_FOR ') & strcasecmp (getenv ('http _ X_FORWARDED_FOR'), 'Unknown ')){
$ Onlineip = getenv ('http _ X_FORWARDED_FOR ');
} Elseif (getenv ('remote _ ADDR ') & strcasecmp (getenv ('remote _ ADDR'), 'Unknown ')){
$ Onlineip = getenv ('remote _ ADDR ');
} Elseif (isset ($ _ SERVER ['remote _ ADDR ']) & $ _ SERVER ['remote _ ADDR '] & strcasecmp ($ _ SERVER ['remote _ ADDR'], 'Unknown ')){
$ Onlineip = $ _ SERVER ['remote _ ADDR '];
}
However, all request headers starting with HTTP _ belong to messages that can be forged on the client. in the reverse proxy environment, how can I ensure that PHP will not receive forged invalid HTTP_CLIENT_IP and HTTP_X_FORWARDED_FOR values?
------ Solution --------------------
What is the relationship between reverse proxy and forged IP addresses?
IP address cannot be fraudulent. if you want to cheat, you must use a proxy server to request you. what can you do?
------ Solution --------------------
Although the IP address on the proxy or vpn is not his own, it is a genuine IP address, just like shopping, let your store buy something called Xiao Wang, he is really called Xiao Wang, when Mr. Smith leaves, I tell him that Mr. Smith is buying something for others.
