curl雖然功能強大,但是只能偽造$_SERVER["HTTP_X_FORWARDED_FOR"],對於大多數IP地址檢測程式來說,$_SERVER["REMOTE_ADDR"]很難被偽造:
首先是client.php的代碼
複製代碼 代碼如下:
$headers['CLIENT-IP'] = '202.103.229.40';
$headers['X-FORWARDED-FOR'] = '202.103.229.40';
$headerArr = array();
foreach( $headers as $n => $v ) {
$headerArr[] = $n .':' . $v;
}
ob_start();
$ch = curl_init();
curl_setopt ($ch, CURLOPT_URL, "http://localhost/curl/server.php");
curl_setopt ($ch, CURLOPT_HTTPHEADER , $headerArr ); //構造IP
curl_setopt ($ch, CURLOPT_REFERER, "http://www.163.com/ "); //構造來路
curl_setopt( $ch, CURLOPT_HEADER, 1);
curl_exec($ch);
curl_close ($ch);
$out = ob_get_contents();
ob_clean();
echo $out;
然後是server.php
複製代碼 代碼如下:
function GetIP(){
if(!emptyempty($_SERVER["HTTP_CLIENT_IP"]))
$cip = $_SERVER["HTTP_CLIENT_IP"];
else if(!emptyempty($_SERVER["HTTP_X_FORWARDED_FOR"]))
$cip = $_SERVER["HTTP_X_FORWARDED_FOR"];
else if(!emptyempty($_SERVER["REMOTE_ADDR"]))
$cip = $_SERVER["REMOTE_ADDR"];
else
$cip = "無法擷取!";
return $cip;
}
echo "<br>訪問IP: ".GetIP()."<br>";
echo "<br>訪問來路: ".$_SERVER["HTTP_REFERER"];
