Home > Backend Development > PHP Tutorial > Is $_SERVER['REMOTE_ADDR'] a Reliable Source for Client IP?

Is $_SERVER['REMOTE_ADDR'] a Reliable Source for Client IP?

Patricia Arquette
Release: 2024-11-17 22:04:02
Original
194 people have browsed it

Is $_SERVER['REMOTE_ADDR'] a Reliable Source for Client IP?

Can We Depend on $_SERVER['REMOTE_ADDR']?

In web development, $_SERVER['REMOTE_ADDR'] holds the IP address of the client making the request. Its reliability, however, raises concerns.

Is It Trustworthy?

Yes, trusting $_SERVER['REMOTE_ADDR'] is generally considered secure. It represents the source IP address of the TCP connection and cannot be manipulated by altering HTTP headers.

A Note on Reverse Proxies

In the rare instance that you utilize a reverse proxy, the REMOTE_ADDR will reflect the proxy server's IP, not the user's. In this scenario, the user's IP may be available through an HTTP header (e.g., X-Forwarded-For).

Example Usage

Consider the following code:

if ($_SERVER['REMOTE_ADDR'] == '222.222.222.222') { // my ip address
    $grant_all_admin_rights = true;
}
Copy after login

This code grants admin rights based on a specific IP address. While it's a simplified example, the use of $_SERVER['REMOTE_ADDR'] for access control is generally accepted practice.

The above is the detailed content of Is $_SERVER['REMOTE_ADDR'] a Reliable Source for Client IP?. For more information, please follow other related articles on the PHP Chinese website!

source:php.cn
Statement of this Website
The content of this article is voluntarily contributed by netizens, and the copyright belongs to the original author. This site does not assume corresponding legal responsibility. If you find any content suspected of plagiarism or infringement, please contact admin@php.cn
Latest Articles by Author
Popular Tutorials
More>
Latest Downloads
More>
Web Effects
Website Source Code
Website Materials
Front End Template