开发者

Get Client IP from a Server JSP [Security]

开发者 https://www.devze.com 2023-04-08 18:10 出处:网络
I want to know security issue using jsp method request.getRemoteAddr();. I want to filter some client IP (I can\'t use firewall :-().

I want to know security issue using jsp method request.getRemoteAddr();.

I want to filter some client IP (I can't use firewall :-().

I was wondering in this way an attacker can chang开发者_StackOverflow中文版e the ip source of HTTP Request?

Or the client ip is build from layer 3?

I want to check the security of this method against forging of HTTP Request (similar to ip spoofing that instead is based on layer 3 IP).

Thanks to all,

Andrea


The "client" IP address of an HTTP request is actually the IP of the last HTTP proxy. The client can't spoof it, but if the client uses a proxy (and many do) then the IP address won't be much help in identifying the source of the request.


I want just to be sure that the all the request come to my server through a proxy, and I don't want that a client can change this information in order to let the server think that is coming from a proxy while it's not...

It is theoretically possible for a client to spoof the IP address of the proxy, but it is not easy.

0

精彩评论

暂无评论...
验证码 换一张
取 消