HTTP The Definitive Guide

Early web pioneers tried using the IP address of the client as a form of identification. This scheme
works if each user has a distinct IP address, if the IP address seldom (if ever) changes, and if the web
server can determine the client IP address for each request. While the client IP address typically is not
present in the HTTP headers,[1] web servers can find the IP address of the other side of the TCP
connection carrying the HTTP request.

[1] As we'll see later, some proxies do add a Client-ip header, but this is not part of the HTTP standard.

For example, on Unix systems, the getpeername function call returns the client IP address of the
sending machine:

    status = getpeername(tcp_connection_socket,...);
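
The getpeername call above, carried through as an added example (not code from the book): peer_ip reads the address of the other end of a connected TCP socket, and demo_loopback_peer is a constructed loopback client/server pair that shows what the accepting side sees. Both function names are hypothetical.

```c
#include <arpa/inet.h>
#include <netinet/in.h>
#include <string.h>
#include <sys/socket.h>
#include <unistd.h>

/* Write the textual address of the peer of a connected TCP socket into buf.
 * Returns 0 on success, -1 on failure (bad socket, unknown family, short buf). */
int peer_ip(int conn_fd, char *buf, size_t buflen)
{
    struct sockaddr_storage ss;
    socklen_t len = sizeof ss;

    if (getpeername(conn_fd, (struct sockaddr *)&ss, &len) != 0)
        return -1;
    if (ss.ss_family == AF_INET) {
        struct sockaddr_in *a = (struct sockaddr_in *)&ss;
        return inet_ntop(AF_INET, &a->sin_addr, buf, buflen) ? 0 : -1;
    }
    if (ss.ss_family == AF_INET6) {
        struct sockaddr_in6 *a = (struct sockaddr_in6 *)&ss;
        return inet_ntop(AF_INET6, &a->sin6_addr, buf, buflen) ? 0 : -1;
    }
    return -1;
}

/* Constructed demo: a loopback listener and a client in one process.
 * Returns 0 and fills buf with the client address as the server sees it. */
int demo_loopback_peer(char *buf, size_t buflen)
{
    struct sockaddr_in addr;
    socklen_t alen = sizeof addr;
    int rc = -1, conn = -1;
    int lst = socket(AF_INET, SOCK_STREAM, 0);
    int cli = socket(AF_INET, SOCK_STREAM, 0);

    memset(&addr, 0, sizeof addr);
    addr.sin_family = AF_INET;
    addr.sin_addr.s_addr = htonl(INADDR_LOOPBACK);  /* port 0: kernel picks one */
    if (lst >= 0 && cli >= 0 &&
        bind(lst, (struct sockaddr *)&addr, sizeof addr) == 0 &&
        listen(lst, 1) == 0 &&
        getsockname(lst, (struct sockaddr *)&addr, &alen) == 0 &&
        connect(cli, (struct sockaddr *)&addr, sizeof addr) == 0 &&
        (conn = accept(lst, NULL, NULL)) >= 0)
        rc = peer_ip(conn, buf, buflen);
    if (conn >= 0) close(conn);
    if (cli >= 0) close(cli);
    if (lst >= 0) close(lst);
    return rc;
}
```
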
Unfortunately, using the client IP address to identify the user has numerous weaknesses that limit its
effectiveness as a user-identification technology:

Client IP addresses describe only the computer being used, not the user. If multiple users
share the same computer, they will be indistinguishable.

Many Internet service providers dynamically assign IP addresses to users when they log in.
Each time they log in, they get a different address, so web servers can't assume that IP
addresses will identify a user across login sessions.

To enhance security and manage scarce addresses, many users browse the Internet through
Network Address Translation (NAT) firewalls. These NAT devices obscure the IP addresses
of the real clients behind the firewall, converting the actual client IP address into a single,
shared firewall IP address (and different port numbers).

HTTP proxies and gateways typically open new TCP connections to the origin server. The
web server will see the IP address of the proxy server instead of that of the client. Some
proxies attempt to work around this problem by adding special Client-ip or X-Forwarded-For
HTTP extension headers to preserve the original IP address (Figure 11-1). But not all proxies
support this behavior.

Some web sites still use client IP addresses to keep track of the users between sessions, but not many.
There are too many places where IP address targeting doesn't work well.
A few sites even use client IP addresses as a security feature, serving documents only to users from a
particular IP address. While this may be adequate within the confines of an intranet, it breaks down in
the Internet, primarily because of the ease with which IP addresses are spoofed (forged). The presence
of intercepting proxies in the path also breaks this scheme. Chapter 14 discusses much stronger
schemes for controlling access to privileged documents.
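
The proxy and spoofing points above lead to one practical rule for a server that logs or rate-limits by address: a forwarding header is only as trustworthy as the machine that wrote it. The following added example (not from the book) applies that rule. It assumes the site's own proxies append the address they saw as the last X-Forwarded-For element; the function names and the proxy addresses are constructed for illustration.

```c
#include <arpa/inet.h>
#include <netinet/in.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical allow-list of proxies this site operates (constructed addresses). */
static const char *TRUSTED_PROXIES[] = { "10.0.0.5", "10.0.0.6" };

static int is_trusted_proxy(const char *ip)
{
    size_t i;
    for (i = 0; i < sizeof TRUSTED_PROXIES / sizeof *TRUSTED_PROXIES; i++)
        if (strcmp(ip, TRUSTED_PROXIES[i]) == 0)
            return 1;
    return 0;
}

/* Choose the address to attribute a request to.
 *   peer: textual address obtained from getpeername() on the connection
 *   xff:  value of the X-Forwarded-For header, or NULL if absent
 * The header is honoured only when the TCP peer is a trusted proxy, and
 * then only its last element (assumed appended by that proxy) is used.
 * Anything else in the header arrived from the client side unverified. */
const char *effective_client_ip(const char *peer, const char *xff,
                                char *out, size_t outlen)
{
    unsigned char parsed[sizeof(struct in6_addr)];
    char cand[INET6_ADDRSTRLEN];
    const char *last;
    size_t n;

    snprintf(out, outlen, "%s", peer);          /* default: the TCP peer */
    if (xff == NULL || !is_trusted_proxy(peer))
        return out;
    last = strrchr(xff, ',');
    last = last ? last + 1 : xff;
    while (*last == ' ' || *last == '\t')
        last++;
    n = strlen(last);
    while (n > 0 && (last[n - 1] == ' ' || last[n - 1] == '\t'))
        n--;
    if (n == 0 || n >= sizeof cand)
        return out;                             /* empty or oversized entry */
    memcpy(cand, last, n);
    cand[n] = '\0';
    if (inet_pton(AF_INET, cand, parsed) == 1 ||
        inet_pton(AF_INET6, cand, parsed) == 1)
        snprintf(out, outlen, "%s", cand);      /* syntactically valid address */
    return out;
}
```

Even the value this returns identifies a machine or a NAT gateway, not a user, so it suits logging and rate limiting rather than access control.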
