PHP security: user with same IP as the server

Question

viniciusweb 0 Newbie Poster

15 Years Ago

In another forum I read, someone asked how to be sure that a request to a PHP script was sent by the same machine as the server. The obvious answer would be:

<?php

if ($_SERVER['REMOTE_ADDR'] == $_SERVER['SERVER_ADDR']) {
    // request comes from this server
}

?>

But then someone pointed that this is not safe, because a user could set his IP manually, making it the same as the server's.

Although I have some experience with PHP, I'm no expert in security or networking, so I don't really understand how a user would be allowed to send a request using the same IP as the server. Is this really possible?

php

2 Contributors
2 Replies
89 Views
1 Day Discussion Span
Latest Post 15 Years Ago Latest Post by viniciusweb

darkagn 315 Veteran Poster

15 Years Ago

Well, technically yes. A better solution would probably be:

if ($_SERVER['REMOTE_ADDR'] == '127.0.0.1') 
{
// request comes from this server
}

but even this would probably not be too safe. What are you trying to achieve by knowing the request was from the server?

Reply to this topic

Be a part of the DaniWeb community

We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.

viniciusweb 0 Newbie Poster · Answer 1 · 2009-08-12T22:49:12+00:00

What are you trying to achieve by knowing the request was from the server?

I'm not using it, this code was posted in another forum, I just found the question interesting.

Thanks for the reply, your solution is probably better.