PHP
mrWan, 2018-08-22 12:25:28

How to protect against spoofed HTTP headers?

I made my own custom headers and put a fictitious IP into them. On my server this fictitious IP was shown in the $_SERVER array. How can I protect myself from this?


2 answer(s)
Alexander Aksentiev, 2018-08-22
@Sanasol

Read the IP not from headers...
Anything can be sent.
$_SERVER['REMOTE_ADDR'] is not taken from headers.

Alexander, 2018-08-22
@zkelo

If you send any custom header to the server, it is prefixed with HTTP_. For example, if you send a header REMOTE_ADDR, then in all scripts on your site, this header will be available as $_SERVER['HTTP_REMOTE_ADDR'].
This is the output of the keys and values of the $_SERVER array. As you can see, the IP I passed was written to $_SERVER['HTTP_REMOTE_ADDR'], while the real IP was written, as expected, to $_SERVER['REMOTE_ADDR'].
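
One way to apply both answers, as an added example that is not code from the thread: `clientControlledKeys()` lists the `$_SERVER` entries a client can set, and `clientIp()` reads the address from `REMOTE_ADDR`. It goes slightly beyond the thread by consulting `X-Forwarded-For` only when the connecting peer is in `$trustedProxies`; that list, the function names and the sample array are assumptions made for illustration.

```php
<?php
// Added example, not code from the thread. $trustedProxies and the sample
// $_SERVER-style array below are assumptions made for illustration.

/** Keys of a $_SERVER-style array that are filled from request headers. */
function clientControlledKeys(array $server): array
{
    return array_values(array_filter(
        array_keys($server),
        fn($k) => strncmp((string)$k, 'HTTP_', 5) === 0
    ));
}

/**
 * Return the peer address of the connection. Request headers are consulted
 * only when the peer is listed in $trustedProxies (assumed to be reverse
 * proxies you operate yourself).
 */
function clientIp(array $server, array $trustedProxies = []): ?string
{
    $peer = filter_var($server['REMOTE_ADDR'] ?? '', FILTER_VALIDATE_IP);
    if ($peer === false) {
        return null;                    // CLI run or malformed environment
    }
    if (!in_array($peer, $trustedProxies, true)) {
        return $peer;                   // direct client: ignore every HTTP_* value
    }
    // Walk X-Forwarded-For from the right: the first hop that is not one of
    // our proxies is the address our own proxy actually saw.
    $hops = array_map('trim', explode(',', $server['HTTP_X_FORWARDED_FOR'] ?? ''));
    foreach (array_reverse($hops) as $hop) {
        $ip = filter_var($hop, FILTER_VALIDATE_IP);
        if ($ip === false) {
            break;                      // garbage in the chain: stop trusting it
        }
        if (!in_array($ip, $trustedProxies, true)) {
            return $ip;
        }
    }
    return $peer;
}

// Constructed sample: a request that sent "REMOTE_ADDR: 1.2.3.4" as a header.
$sample = [
    'REMOTE_ADDR'      => '203.0.113.7',
    'HTTP_REMOTE_ADDR' => '1.2.3.4',
    'HTTP_USER_AGENT'  => 'demo',
];
print_r(clientControlledKeys($sample));
echo clientIp($sample), "\n";
```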
