如何從特定網路取得客戶端IP位址？

Question 1

所以我假設您正在尋找 php 解決方案？在這種情況下，你將需要這樣的東西：

function get_ip_address() {
    // check for shared internet/ISP IP
    if (!empty($_SERVER['HTTP_CLIENT_IP']) && validate_ip($_SERVER['HTTP_CLIENT_IP'])) {
        return $_SERVER['HTTP_CLIENT_IP'];
    }

    // check for IPs passing through proxies
    if (!empty($_SERVER['HTTP_X_FORWARDED_FOR'])) {
        // check if multiple ips exist in var
        if (strpos($_SERVER['HTTP_X_FORWARDED_FOR'], ',') !== false) {
            $iplist = explode(',', $_SERVER['HTTP_X_FORWARDED_FOR']);
            foreach ($iplist as $ip) {
                if (validate_ip($ip))
                    return $ip;
            }
        } else {
            if (validate_ip($_SERVER['HTTP_X_FORWARDED_FOR']))
                return $_SERVER['HTTP_X_FORWARDED_FOR'];
        }
    }
    if (!empty($_SERVER['HTTP_X_FORWARDED']) && validate_ip($_SERVER['HTTP_X_FORWARDED']))
        return $_SERVER['HTTP_X_FORWARDED'];
    if (!empty($_SERVER['HTTP_X_CLUSTER_CLIENT_IP']) && validate_ip($_SERVER['HTTP_X_CLUSTER_CLIENT_IP']))
        return $_SERVER['HTTP_X_CLUSTER_CLIENT_IP'];
    if (!empty($_SERVER['HTTP_FORWARDED_FOR']) && validate_ip($_SERVER['HTTP_FORWARDED_FOR']))
        return $_SERVER['HTTP_FORWARDED_FOR'];
    if (!empty($_SERVER['HTTP_FORWARDED']) && validate_ip($_SERVER['HTTP_FORWARDED']))
        return $_SERVER['HTTP_FORWARDED'];

    // return unreliable ip since all else failed
    return $_SERVER['REMOTE_ADDR'];
}

function validate_ip($ip) {
if (strtolower($ip) === 'unknown')
    return false;

// generate ipv4 network address
$ip = ip2long($ip);

// if the ip is set and not equivalent to 255.255.255.255
if ($ip !== false && $ip !== -1) {
    // make sure to get unsigned long representation of ip
    // due to discrepancies between 32 and 64 bit OSes and
    // signed numbers (ints default to signed in PHP)
    $ip = sprintf('%u', $ip);
    // do private network range checking
    if ($ip >= 0 && $ip <= 50331647) return false;
    if ($ip >= 167772160 && $ip <= 184549375) return false;
    if ($ip >= 2130706432 && $ip <= 2147483647) return false;
    if ($ip >= 2851995648 && $ip <= 2852061183) return false;
    if ($ip >= 2886729728 && $ip <= 2887778303) return false;
    if ($ip >= 3221225984 && $ip <= 3221226239) return false;
    if ($ip >= 3232235520 && $ip <= 3232301055) return false;
    if ($ip >= 4294967040) return false;
}
return true;
 }

現在你只需要呼叫 $ip = get_ip_address();

我需要告訴你，這就是極度危險給人們基於IP的存取！

Answer

所以我假設您正在尋找 php 解決方案？在這種情況下，你將需要這樣的東西：

function get_ip_address() {
    // check for shared internet/ISP IP
    if (!empty($_SERVER['HTTP_CLIENT_IP']) && validate_ip($_SERVER['HTTP_CLIENT_IP'])) {
        return $_SERVER['HTTP_CLIENT_IP'];
    }

    // check for IPs passing through proxies
    if (!empty($_SERVER['HTTP_X_FORWARDED_FOR'])) {
        // check if multiple ips exist in var
        if (strpos($_SERVER['HTTP_X_FORWARDED_FOR'], ',') !== false) {
            $iplist = explode(',', $_SERVER['HTTP_X_FORWARDED_FOR']);
            foreach ($iplist as $ip) {
                if (validate_ip($ip))
                    return $ip;
            }
        } else {
            if (validate_ip($_SERVER['HTTP_X_FORWARDED_FOR']))
                return $_SERVER['HTTP_X_FORWARDED_FOR'];
        }
    }
    if (!empty($_SERVER['HTTP_X_FORWARDED']) && validate_ip($_SERVER['HTTP_X_FORWARDED']))
        return $_SERVER['HTTP_X_FORWARDED'];
    if (!empty($_SERVER['HTTP_X_CLUSTER_CLIENT_IP']) && validate_ip($_SERVER['HTTP_X_CLUSTER_CLIENT_IP']))
        return $_SERVER['HTTP_X_CLUSTER_CLIENT_IP'];
    if (!empty($_SERVER['HTTP_FORWARDED_FOR']) && validate_ip($_SERVER['HTTP_FORWARDED_FOR']))
        return $_SERVER['HTTP_FORWARDED_FOR'];
    if (!empty($_SERVER['HTTP_FORWARDED']) && validate_ip($_SERVER['HTTP_FORWARDED']))
        return $_SERVER['HTTP_FORWARDED'];

    // return unreliable ip since all else failed
    return $_SERVER['REMOTE_ADDR'];
}

function validate_ip($ip) {
if (strtolower($ip) === 'unknown')
    return false;

// generate ipv4 network address
$ip = ip2long($ip);

// if the ip is set and not equivalent to 255.255.255.255
if ($ip !== false && $ip !== -1) {
    // make sure to get unsigned long representation of ip
    // due to discrepancies between 32 and 64 bit OSes and
    // signed numbers (ints default to signed in PHP)
    $ip = sprintf('%u', $ip);
    // do private network range checking
    if ($ip >= 0 && $ip <= 50331647) return false;
    if ($ip >= 167772160 && $ip <= 184549375) return false;
    if ($ip >= 2130706432 && $ip <= 2147483647) return false;
    if ($ip >= 2851995648 && $ip <= 2852061183) return false;
    if ($ip >= 2886729728 && $ip <= 2887778303) return false;
    if ($ip >= 3221225984 && $ip <= 3221226239) return false;
    if ($ip >= 3232235520 && $ip <= 3232301055) return false;
    if ($ip >= 4294967040) return false;
}
return true;
 }

現在你只需要呼叫 $ip = get_ip_address();

我需要告訴你，這就是極度危險給人們基於IP的存取！

Question 2

我不確定您可以使用哪些資源，但有些裝置可以根據登入使用者的身分來完成此操作。地址。然後，您根據使用者名稱（而不是 IP）編寫 ACL。它並不完美，但它有效。

思科基於身分的防火牆：http://www.cisco.com/c/dam/en/us/products/collathal/security/asa-5500-series-next- Generation-firewalls/at_a_glance_c45-675579.pdf

正如所說，僅對 IP 位址進行過濾只是安全的第一步。設定靜態IP，甚至欺騙IP都很容易。您還需要一些身份驗證機制。

Answer

我不確定您可以使用哪些資源，但有些裝置可以根據登入使用者的身分來完成此操作。地址。然後，您根據使用者名稱（而不是 IP）編寫 ACL。它並不完美，但它有效。

思科基於身分的防火牆：http://www.cisco.com/c/dam/en/us/products/collathal/security/asa-5500-series-next- Generation-firewalls/at_a_glance_c45-675579.pdf

正如所說，僅對 IP 位址進行過濾只是安全的第一步。設定靜態IP，甚至欺騙IP都很容易。您還需要一些身份驗證機制。

如何從特定網路取得客戶端IP位址？

答案1

答案2

相關內容