A secure way for a website to get the user IP: checking HTTP_X_FORWARDED_FOR

  • 2020-06-01 09:16:54
  • OfStack

Secure filtered getIP function


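  function getIP() {
   $realip = ''; // Set default value
   // HTTP_X_FORWARDED_FOR and HTTP_CLIENT_IP are request headers supplied by the sender;
   // REMOTE_ADDR is the address of the connecting peer
   if (isset($_SERVER['HTTP_X_FORWARDED_FOR'])) {
    $realip = $_SERVER['HTTP_X_FORWARDED_FOR'];
   } elseif (isset($_SERVER['HTTP_CLIENT_IP'])) {
    $realip = $_SERVER['HTTP_CLIENT_IP'];
   } else {
    $realip = $_SERVER['REMOTE_ADDR'];
   }
   // Keep only a leading dotted-quad value; anything after it is discarded.
   // Octet values are not range-checked here (999.1.1.1 still matches).
   preg_match('/^((?:\d{1,3}\.){3}\d{1,3})/', $realip, $match);
   return $match ? $match[0] : false;
  }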

The function above adds an IP format check: it only accepts data that begins with a value in IP format, and it takes the first value that satisfies that format. If there is none, it returns false. This way only a value in IP format is read, which validates the IP format of the data.

If the IP is supposed to come from the Internet and the user passes in a LAN IP, it should be filtered out directly

On some websites we often see an "illegal IP address" message. In some cases the IP address format is wrong; in others the address that was read is not one that is allowed on the Internet. The following function is written according to the IANA specification. Given an IP address, it tells you exactly whether that IP can be used on the Internet.


// Classify an IPv4 address: can it be used on the Internet?
function ipType2($ip) {
 $iplist = explode(".", $ip);
 if ($iplist[0] >= 224 && $iplist[0] <= 239) // 224.0.0.0/4
  return ' multicast ';
 if ($iplist[0] >= 240 && $iplist[0] <= 255) // 240.0.0.0/4, reserved
  return ' keep ';
 if (preg_match('/^198\.51\.100\./', $ip))
  return 'TEST-NET-2 , documentation and examples ';
 if (preg_match('/^203\.0\.113\./', $ip))
  return 'TEST-NET-3 , documentation and examples ';
 if (preg_match('/^198\.(18|19)\./', $ip)) // 198.18.0.0/15 (not 192.18/192.19)
  return ' Network benchmarking ';
 if (preg_match('/^192\.168\./', $ip))
  return ' Private network [ An Intranet ]';
 if (preg_match('/^192\.88\.99\./', $ip))
  return 'ipv6to4 relay ';
 if (preg_match('/^192\.0\.2\./', $ip))
  return 'TEST-NET-1 , documentation and examples ';
 if (preg_match('/^192\.0\.0\./', $ip)) // 192.0.0.0/24, reserved by IANA
  return ' Keep ( IANA ) ';
 if ($iplist[0] == 172 && $iplist[1] <= 31 && $iplist[1] >= 16) // 172.16.0.0/12
  return ' Private network [ An Intranet ]';
 if ($iplist[0] == 169 && $iplist[1] == 254)
  return ' Link local ';
 if ($iplist[0] == 127)
  return ' The loopback address ';
 if ($iplist[0] == 10)
  return ' Private network [ An Intranet ]';
 if ($iplist[0] == 0)
  return ' This network (valid only as a source address) ';
 return 'InterNet Web address ';
}

When the function returns 'InterNet Web address' for the IP address you pass in, the address is not only in the correct format but is also a legal IP address on the Internet. This is a fairly complex function that excludes many non-Internet IP addresses. Addresses beginning with 192, 127 and 10 are probably familiar. In practice, however, many other IP address ranges are reserved or set aside for other purposes and cannot be used as Internet IPs. With these two functions, we can not only read an IP address in the correct format, but also make sure that the address we read is one on the Internet. These are functions I often use at work; feedback from friends is welcome!
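
A stricter variant of the two functions above, as an added example that is not the article's own code: it reads X-Forwarded-For only when the connection comes from a reverse proxy you operate, and checks the result against the reserved ranges written as CIDR blocks. The names clientIp, isPublicIpv4 and $trustedProxies, and the sample addresses, are assumptions made for the illustration.

```php
<?php
// Added example, not the article's code. $trustedProxies is an assumption:
// the addresses of the reverse proxies you run yourself.
function isPublicIpv4($ip)
{
    // The ranges ipType2() names, as CIDR blocks.
    $reserved = array(
        '0.0.0.0/8', '10.0.0.0/8', '127.0.0.0/8', '169.254.0.0/16',
        '172.16.0.0/12', '192.0.0.0/24', '192.0.2.0/24', '192.88.99.0/24',
        '192.168.0.0/16', '198.18.0.0/15', '198.51.100.0/24',
        '203.0.113.0/24', '224.0.0.0/4', '240.0.0.0/4',
    );
    // filter_var() checks the whole string, so 999.1.1.1 or trailing junk fails.
    if (filter_var($ip, FILTER_VALIDATE_IP, FILTER_FLAG_IPV4) === false) {
        return false;
    }
    $n = ip2long($ip);
    foreach ($reserved as $cidr) {
        list($net, $bits) = explode('/', $cidr);
        $mask = -1 << (32 - (int) $bits);
        if (($n & $mask) === (ip2long($net) & $mask)) {
            return false;
        }
    }
    return true;
}

function clientIp(array $server, array $trustedProxies)
{
    $remote = isset($server['REMOTE_ADDR']) ? $server['REMOTE_ADDR'] : '';
    $xff = isset($server['HTTP_X_FORWARDED_FOR']) ? $server['HTTP_X_FORWARDED_FOR'] : '';
    // REMOTE_ADDR is the TCP peer; the header is whatever the sender wrote.
    if ($xff === '' || !in_array($remote, $trustedProxies, true)) {
        return $remote;
    }
    // Each proxy appends the peer it saw: walk from the right, skip our proxies.
    foreach (array_reverse(array_map('trim', explode(',', $xff))) as $hop) {
        if (!in_array($hop, $trustedProxies, true)) {
            return isPublicIpv4($hop) ? $hop : false;
        }
    }
    return false;
}

// Constructed requests: a client-supplied header, sent directly and via our proxy.
$proxies = array('10.0.0.5');
var_dump(clientIp(array('REMOTE_ADDR' => '93.184.216.34', 'HTTP_X_FORWARDED_FOR' => '8.8.8.8'), $proxies));
var_dump(clientIp(array('REMOTE_ADDR' => '10.0.0.5', 'HTTP_X_FORWARDED_FOR' => '8.8.8.8, 93.184.216.34'), $proxies));
```

In both constructed requests the client-supplied 8.8.8.8 is ignored and the address of the real peer is returned, whereas getIP() would return 8.8.8.8.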

By chengmo QQ:8292669

