php curl fake IP and origin

$headers['CLIENT-IP'] = '202.103.229.40';
$headers['X-FORWARDED-FOR'] = '202.103.229.40';

$headerArr = array();
foreach( $headers as $n => $v ) {
    $headerArr[] = $n .':' . $v;
}

ob_start();
$ch = curl_init();
curl_setopt ($ch, CURLOPT_URL, "http://localhost/curl/server.php");
curl_setopt ($ch, CURLOPT_HTTPHEADER , $headerArr );  //构造IP
curl_setopt ($ch, CURLOPT_REFERER, "http://bbs.it-home.org/ ");   //构造来路
curl_setopt( $ch, CURLOPT_HEADER, 1);

curl_exec($ch);
curl_close ($ch);
$out = ob_get_contents();
ob_clean();

echo $out;
?>

2，curl伪造IP和来路 服务端 server.php

function GetIP(){
    if(!empty($_SERVER["HTTP_CLIENT_IP"]))
        $cip = $_SERVER["HTTP_CLIENT_IP"];
    else if(!empty($_SERVER["HTTP_X_FORWARDED_FOR"]))
        $cip = $_SERVER["HTTP_X_FORWARDED_FOR"];
    else if(!empty($_SERVER["REMOTE_ADDR"]))
        $cip = $_SERVER["REMOTE_ADDR"];
    else
    $cip = "无法获取！";
    return $cip;
}
echo "访问IP: ".GetIP()."";
echo "访问来路: ".$_SERVER["HTTP_REFERER"];
?>

补充：$_SERVER['REMOTE_ADDR']无法伪造。