go ahead... be a heretic | |
PerlMonks |
Re: Re: is IP# in $ENV{REMOTE_ADDR} spoofable?by jepri (Parson) |
on Oct 14, 2002 at 01:12 UTC ( [id://204953]=note: print w/replies, xml ) | Need Help?? |
Err. I'm not sure here, but I don't think it's possible to fake a remote address. Provided that the webserver is reporting the TCP connection address, and not a header that the client is sending, the REMOTE_ADDR should always be correct. The correct remote address is needed to build the TCP connection before the HTTP request is sent. This isn't true for things like ICMP where no 'connection' occurs. Of course, the computer connecting to you may be have been cracked or trojaned, so it might be worth the time to drop the server admin a line and let him know that someone is meddling with his box. If he doesn't respond positively, report him to the MAPS RBL.
____________________
In Section
Seekers of Perl Wisdom
|
|