Loading ...
Sorry, an error occurred while loading the content.
 

Re: Capture IP address

Expand Messages
  • zen_e_boy
    Thanks for your replies, I ll give them a go over the weekend. I also found a way of doing it in Javascript that I could quite easily pass back via a hidden
    Message 1 of 6 , Sep 14, 2007
      Thanks for your replies, I'll give them a go over the weekend.
      I also found a way of doing it in Javascript that I could quite easily
      pass back via a hidden field in the form.
    • merlyn@stonehenge.com
      ... zen Thanks for your replies, I ll give them a go over the weekend. zen I also found a way of doing it in Javascript that I could quite easily zen pass
      Message 2 of 6 , Sep 14, 2007
        >>>>> "zen" == zen e boy <brett@...> writes:

        zen> Thanks for your replies, I'll give them a go over the weekend.
        zen> I also found a way of doing it in Javascript that I could quite easily
        zen> pass back via a hidden field in the form.

        Actually, to summarize points already made here:

        $ENV{REMOTE_ADDR} is the IP address of the connection to the server
        $ENV{REMOTE_HOST} *may* be the hostname of that connection

        Javascript *may* be used to get the IP address.

        == However ==

        Consider a browser sitting behind a NAT connecting to a server.
        Javascript will report the "local" address (before the NAT), while
        the ENVars will report the "public" address.

        Now, it gets worse.

        Consider a web server sitting behind an inbound proxy, such as a caching proxy
        or a corporate inbound firewall. Unless special work is performed, the ENVars
        will report the address of the *proxy*, not the public address of the client.

        I think the real question is, why do you care what IP is connecting?

        You can't use it for uniqueness (many users may have the same IP, and some
        hits during the same session may come in on separate IPs!). So, it won't work
        for a session management.

        You can't use it for access control (it's trivial to use TOR or other
        proxies to hide).

        So, why do you care what the IP is?

        --
        Randal L. Schwartz - Stonehenge Consulting Services, Inc. - +1 503 777 0095
        <merlyn@...> <URL:http://www.stonehenge.com/merlyn/>
        Perl/Unix/security consulting, Technical writing, Comedy, etc. etc.
        See PerlTraining.Stonehenge.com for onsite and open-enrollment Perl training!
      • zen_e_boy
        All good and valid points, most of which I never thought of because Im not that strong on IP networking. Thanks for taking the time to reply.
        Message 3 of 6 , Sep 14, 2007
          All good and valid points, most of which I never thought of because Im
          not that strong on IP networking.
          Thanks for taking the time to reply.
        Your message has been successfully submitted and would be delivered to recipients shortly.