Member Avatar for viniciusweb

In another forum I read, someone asked how to be sure that a request to a PHP script was sent by the same machine as the server. The obvious answer would be:

<?php

if ($_SERVER['REMOTE_ADDR'] == $_SERVER['SERVER_ADDR']) {
    // request comes from this server
}

?>

But then someone pointed that this is not safe, because a user could set his IP manually, making it the same as the server's.

Although I have some experience with PHP, I'm no expert in security or networking, so I don't really understand how a user would be allowed to send a request using the same IP as the server. Is this really possible?

  • 2 Contributors
  • 2 Replies
  • 88 Views
  • 1 Day Discussion Span
  • Latest Post Latest Post by viniciusweb

Recommended Answers

All 2 Replies

Member Avatar for darkagn

Well, technically yes. A better solution would probably be:

if ($_SERVER['REMOTE_ADDR'] == '127.0.0.1') 
{
// request comes from this server
}

but even this would probably not be too safe. What are you trying to achieve by knowing the request was from the server?

Member Avatar for viniciusweb

What are you trying to achieve by knowing the request was from the server?

I'm not using it, this code was posted in another forum, I just found the question interesting.

Thanks for the reply, your solution is probably better.

Be a part of the DaniWeb community

We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.