Re: Client's IP address retrival
- From: gordonb.zseeu@xxxxxxxxxxx (Gordon Burditt)
- Date: Thu, 28 Jul 2005 17:30:06 -0000
>> If say you wanted to ban users from a particular IP then I wouldn't
>> trust this method, but if you just want the IP for cosmetic reasons
>> then I'm sure you can live with the pitfalls.
>
>could you can do it with php....
>this may not work with annonymous proxies...
It also won't work with non-proxies operated by users annoying
enough that you want to ban them (if the reason for getting the IP
is to ban someone). It's easy enough for someone to add a fake
header, especially if they are using telnet (or CURL) as a browser.
Or, they can set up their own proxy on their own machine, rigged
to send a fake HTTP_X_FORWARDED_FOR header.
If you are trying to track abuse, you should at least log *BOTH* of
these variables. If the user is abusive, HTTP_X_FORWARDED_FOR
can be a complete fake. REMOTE_ADDR at least gives you an idea
of which ISP to complain to if the problem gets serious enough.
>but most ISP's should forward this header.
>
>if(isset($_SERVER['HTTP_X_FORWARDED_FOR']))
>{
> $userip = $_SERVER['HTTP_X_FORWARDED_FOR'];
>}
>else
>{
> $userip = $_SERVER['REMOTE_ADDR'];
>}
Gordon L. Burditt
.
- References:
- Client's IP address retrival
- From: varungupta
- Re: Client's IP address retrival
- From: Dave
- Re: Client's IP address retrival
- From: Rob
- Client's IP address retrival
- Prev by Date: Re: Client's IP address retrival
- Next by Date: Re: Zip code
- Previous by thread: Re: Client's IP address retrival
- Next by thread: Re: Client's IP address retrival
- Index(es):
Relevant Pages
|
