http请求头可以伪造,不仅代理可以,客户端也可以。
REMOTE_ADDR也可以伪造,通过伪造tcp握手包,Response将会发送给被伪造的IP,所以这个层面的伪造ip没有意义。
phpcms中的获取ip函数:
function ip() {
if(getenv('HTTP_CLIENT_IP') && strcasecmp(getenv('HTTP_CLIENT_IP'), 'unknown')) {
$ip = getenv('HTTP_CLIENT_IP');
} elseif(getenv('HTTP_X_FORWARDED_FOR') && strcasecmp(getenv('HTTP_X_FORWARDED_FOR'), 'unknown')) {
$ip = getenv('HTTP_X_FORWARDED_FOR');
} elseif(getenv('REMOTE_ADDR') && strcasecmp(getenv('REMOTE_ADDR'), 'unknown')) {
$ip = getenv('REMOTE_ADDR');
} elseif(isset($_SERVER['REMOTE_ADDR']) && $_SERVER['REMOTE_ADDR'] && strcasecmp($_SERVER['REMOTE_ADDR'], 'unknown')) {
$ip = $_SERVER['REMOTE_ADDR'];
}
return preg_match ( '/[\d\.]{7,15}/', $ip, $matches ) ? $matches [0] : '';
}
它首先取 HTTP_CLIENT_IP ,然后取 HTTP_X_FORWARDED_FOR,上述都取不到的情况下才去取 REMOTE_ADDR。可前两个都能在客户端伪造。所以这个次序不行。
来看一看如何伪造。
ip_request.php:
ip_response.php
输出结果:
HTTP/1.1 200 OK
Date: Wed, 08 Mar 2017 02:57:08 GMT
Server: Apache/2.4.9 (Win32) PHP/5.5.12
X-Powered-By: PHP/5.5.12
Content-Length: 2028
Connection: close
Content-Type: text/html
Array
(
[HTTP_HOST] => www.my.com
[HTTP_ACCEPT] => */*
[HTTP_REFERER] => http://www.163.com/
[HTTP_CLIENT_IP] => 2.2.2.2
[HTTP_X_FORWARDED_FOR] => 3.3.3.3,8.8.8.8
[CONTENT_TYPE] => application/x-www-form-urlencoded
[HTTP_EXPECT] => 100-continue
[PATH] => C:\Program Files\Java\jdk1.8.0_31\bin;C:\Program Files\Java\jdk1.8.0_31\jre\bin;C:\Program Files\Java\jdk1.8.0_31\bin;C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\WINDOWS\System32\WindowsPowerShell\v1.0\;C:\Program Files\Java\bin;C:\Program Files (x86)\MacType;F:\Program Files\TortoiseSVN\bin;C:\Python27\;C:\Program Files\nodejs\;C:\WINDOWS\system32\config\systemprofile\.dnx\bin;C:\Program Files\Microsoft DNX\Dnvm\;C:\Program Files (x86)\Windows Kits\8.1\Windows Performance Toolkit\;C:\Program Files\Microsoft SQL Server\130\Tools\Binn\;E:\WAMP\bin\php\php5.5.12;C:\WINDOWS\system32\config\systemprofile\AppData\Local\Microsoft\WindowsApps
[SystemRoot] => C:\WINDOWS
[COMSPEC] => C:\WINDOWS\system32\cmd.exe
[PATHEXT] => .COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
[WINDIR] => C:\WINDOWS
[SERVER_SIGNATURE] =>
[SERVER_SOFTWARE] => Apache/2.4.9 (Win32) PHP/5.5.12
[SERVER_NAME] => www.my.com
[SERVER_ADDR] => 127.0.0.1
[SERVER_PORT] => 80
[REMOTE_ADDR] => 127.0.0.1
[DOCUMENT_ROOT] => E:/WAMP/www/my
[REQUEST_SCHEME] => http
[CONTEXT_PREFIX] =>
[CONTEXT_DOCUMENT_ROOT] => E:/WAMP/www/my
[SERVER_ADMIN] => admin@example.com
[SCRIPT_FILENAME] => E:/WAMP/www/my/ip_response.php
[REMOTE_PORT] => 59461
[GATEWAY_INTERFACE] => CGI/1.1
[SERVER_PROTOCOL] => HTTP/1.1
[REQUEST_METHOD] => POST
[QUERY_STRING] =>
[REQUEST_URI] => /ip_response.php
[SCRIPT_NAME] => /ip_response.php
[PHP_SELF] => /ip_response.php
[REQUEST_TIME_FLOAT] => 1488941828.317
[REQUEST_TIME] => 1488941828
)
phpcms已跪。
手机扫一扫
移动阅读更方便
你可能感兴趣的文章