Can We Depend on $_SERVER['REMOTE_ADDR']?
In web development, $_SERVER['REMOTE_ADDR'] holds the IP address of the client making the request. Its reliability, however, raises concerns.
Is It Trustworthy?
Yes, trusting $_SERVER['REMOTE_ADDR'] is generally considered secure. It represents the source IP address of the TCP connection and cannot be manipulated by altering HTTP headers.
A Note on Reverse Proxies
In the rare instance that you utilize a reverse proxy, the REMOTE_ADDR will reflect the proxy server's IP, not the user's. In this scenario, the user's IP may be available through an HTTP header (e.g., X-Forwarded-For).
Example Usage
Consider the following code:
$grant_all_admin_rights = false; // deny by default
if ($_SERVER['REMOTE_ADDR'] === '222.222.222.222') { // my ip address
    $grant_all_admin_rights = true;
}
This code grants admin rights based on a specific IP address. While it's a simplified example, the use of $_SERVER['REMOTE_ADDR'] for access control is generally accepted practice.
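An added example, not code from the original article: one way to choose the address for the check above when a reverse proxy sits in front of PHP, so that X-Forwarded-For is read only when the TCP peer is a proxy you operate. The function name client_ip, the proxy address 192.0.2.10 and the sample requests are constructed for illustration, and the proxy is assumed to append the connecting address to the header.

```php
<?php
declare(strict_types=1);

// Hypothetical helper: returns the client IP, honouring X-Forwarded-For
// only when REMOTE_ADDR (the TCP peer) is one of our own proxies.
function client_ip(array $server, array $trustedProxies): string
{
    $peer = $server['REMOTE_ADDR'] ?? '';
    // Direct connection or unknown peer: the header is untrusted
    // client input, so it is ignored entirely.
    if (!in_array($peer, $trustedProxies, true)) {
        return $peer;
    }
    $hops = array_map('trim', explode(',', $server['HTTP_X_FORWARDED_FOR'] ?? ''));
    // Each proxy appends the address it accepted the connection from, so walk
    // from the right and stop at the first hop that is not one of our proxies.
    foreach (array_reverse($hops) as $hop) {
        if (filter_var($hop, FILTER_VALIDATE_IP) === false) {
            break; // empty or malformed entry: fall back to the TCP peer
        }
        if (!in_array($hop, $trustedProxies, true)) {
            return $hop;
        }
    }
    return $peer;
}

// Constructed sample requests (assumed values, not from the article).
$proxies = ['192.0.2.10'];
$admin   = '222.222.222.222'; // the address used in the article's check

$samples = [
    'direct, header set by client' => [
        'REMOTE_ADDR' => '203.0.113.7',
        'HTTP_X_FORWARDED_FOR' => '222.222.222.222'],
    'via proxy, admin address' => [
        'REMOTE_ADDR' => '192.0.2.10',
        'HTTP_X_FORWARDED_FOR' => '222.222.222.222'],
    'via proxy, client-set left entry' => [
        'REMOTE_ADDR' => '192.0.2.10',
        'HTTP_X_FORWARDED_FOR' => '222.222.222.222, 203.0.113.7'],
];

foreach ($samples as $label => $server) {
    $ip = client_ip($server, $proxies);
    printf("%-34s %-16s admin=%s\n", $label, $ip, $ip === $admin ? 'yes' : 'no');
}
```

Only the second sample is granted admin rights: in the first the header is ignored because the peer is not a trusted proxy, and in the third the entry appended by the proxy takes precedence over the one supplied by the client.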