0

In another forum I read, someone asked how to be sure that a request to a PHP script was sent by the same machine as the server. The obvious answer would be:

<?php

if ($_SERVER['REMOTE_ADDR'] == $_SERVER['SERVER_ADDR']) {
    // request comes from this server
}

?>

But then someone pointed that this is not safe, because a user could set his IP manually, making it the same as the server's.

Although I have some experience with PHP, I'm no expert in security or networking, so I don't really understand how a user would be allowed to send a request using the same IP as the server. Is this really possible?

2
Contributors
2
Replies
3
Views
8 Years
Discussion Span
Last Post by viniciusweb
0

Well, technically yes. A better solution would probably be:

if ($_SERVER['REMOTE_ADDR'] == '127.0.0.1') 
{
// request comes from this server
}

but even this would probably not be too safe. What are you trying to achieve by knowing the request was from the server?

0

What are you trying to achieve by knowing the request was from the server?

I'm not using it, this code was posted in another forum, I just found the question interesting.

Thanks for the reply, your solution is probably better.

This topic has been dead for over six months. Start a new discussion instead.
Have something to contribute to this discussion? Please be thoughtful, detailed and courteous, and be sure to adhere to our posting rules.