Possible to fake $_SERVER["REMOTE_ADDR"]? - CodingForum

  • Possible to fake $_SERVER["REMOTE_ADDR"]?

    Hi,

    I really need to know if it's insecure to trust $_SERVER["REMOTE_ADDR"]. Can someone tell me whether it can be faked or not? I need to know. Actually, can someone set it to 127.0.0.1? Because my script gives full admin access if the IP is that...
    PHP 5 & MySQL 5 (Y)

  • #2
    It would be difficult to set it to 127.0.0.1. You could sort of "fake" the REMOTE_ADDR by using a proxy, in which case you would see the proxy's address, not the user's, but no proxy should be seen as 127.0.0.1 from your server. However, the HTTP_X_FORWARDED_FOR header can be set to anything and should not be trusted.
    I'm not sure if this was any help, but I hope it didn't make you stupider.

    Experience is something you get just after you really need it.
    PHP Installation Guide Feedback welcome.
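
The difference described in the answer above, as an added example that is not part of either post: a localhost admin check that reads the client-supplied X-Forwarded-For header next to one that reads only REMOTE_ADDR. The function names and the request array are constructed for illustration, and the code assumes PHP 7 or later.

```php
<?php
// Added example: hypothetical helper names, constructed request data.

// Weak: prefers a header the client can set to any value it likes.
function client_ip_weak(array $server): string
{
    if (!empty($server['HTTP_X_FORWARDED_FOR'])) {
        $parts = explode(',', $server['HTTP_X_FORWARDED_FOR']);
        return trim($parts[0]);
    }
    return $server['REMOTE_ADDR'] ?? '';
}

// Stricter: uses only the peer address of the TCP connection, which the
// web server fills in itself, and rejects anything that is not an IP.
function client_ip_strict(array $server): string
{
    $ip = $server['REMOTE_ADDR'] ?? '';
    return filter_var($ip, FILTER_VALIDATE_IP) !== false ? $ip : '';
}

// The kind of check the question describes: admin access for localhost.
function is_local_admin(string $ip): bool
{
    return $ip === '127.0.0.1' || $ip === '::1';
}

// Constructed request: a remote client (documentation address 203.0.113.7)
// that sends its own X-Forwarded-For header claiming to be localhost.
$request = [
    'REMOTE_ADDR'          => '203.0.113.7',
    'HTTP_X_FORWARDED_FOR' => '127.0.0.1',
];

foreach (['client_ip_weak', 'client_ip_strict'] as $resolver) {
    $ip = $resolver($request);
    printf(
        "%-16s resolved %-12s admin access: %s\n",
        $resolver,
        $ip,
        is_local_admin($ip) ? 'granted' : 'denied'
    );
}
```

If a reverse proxy on the same host forwards requests to PHP, REMOTE_ADDR is 127.0.0.1 for every request, so an IP check like this should not be the only gate in front of admin functions.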
