HTTP The Definitive Guide

Early web pioneers tried using the IP address of the client as a form of identification. This scheme
works if each user has a distinct IP address, if the IP address seldom (if ever) changes, and if the web
server can determine the client IP address for each request. While the client IP address typically is not
present in the HTTP headers,
[1]
web servers can find the IP address of the other side of the TCP
connection carrying the HTTP request.
[1]
As we'll see later, some proxies do add a Client-ip header, but this is not part of the HTTP standard.
For example, on Unix systems, the getpeername function call returns the client IP address of the
sending machine:
status = getpeername(tcp_connection_socket,...);
Unfortunately, using the client IP address to identify the user has numerous weaknesses that limit its
effectiveness as a user-identification technology:

Client IP addresses describe only the computer being used, not the user. If multiple users
share the same computer, they will be indistinguishable.

Many Internet service providers dynamically assign IP addresses to users when they log in.
Each time they log in, they get a different address, so web servers can't assume that IP
addresses will identify a user across login sessions.

To enhance security and manage scarce addresses, many users browse the Internet through
Network Address Translation (NAT) firewalls. These NAT devices obscure the IP addresses
of the real clients behind the firewall, converting the actual client IP address into a single,
shared firewall IP address (and different port numbers).

HTTP proxies and gateways typically open new TCP connections to the origin server. The
web server will see the IP address of the proxy server instead of that of the client. Some
proxies attempt to work around this problem by adding special Client-ip or X-Forwarded-For
HTTP extension headers to preserve the original IP address (Figure 11-1). But not all proxies
support this behavior.

Some web sites still use client IP addresses to keep track of the users between sessions, but not many.
There are too many places where IP address targeting doesn't work well.
A few sites even use client IP addresses as a security feature, serving documents only to users from a
particular IP address. While this may be adequate within the confines of an intranet, it breaks down in
the Internet, primarily because of the ease with which IP addresses are spoofed (forged). The presence
of intercepting proxies in the path also breaks this scheme. Chapter 14 discusses much stronger
schemes for controlling access to privileged documents.

Client IP Address Client Identification的更多相关文章

  1. Get Client IP

    How to get a user's client IP address in ASP.NET? Often you will want to know the IP address of some ...

  2. Linux Force DHCP Client (dhclient) to Renew IP Address

    http://www.cyberciti.biz/faq/howto-linux-renew-dhcp-client-ip-address/‘m using Ubuntu Linux. How to ...

  3. Get the client's IP address in socket.io

    From: https://www.wentong.org/codex/question-2018081564702.html When using socket.IO in a Node.js se ...

  4. Ubuntu setup Static IP Address

    Change Ubuntu Server from DHCP to a Static IP Address If the Ubuntu Server installer has set your se ...

  5. MySQL [Warning]: IP address 'xxxx' could not be resolved: Name or service not known

    MySQL的error log 出现大量的 DNS反解析错误. DNS解析是指,将 域名解析成ip地址: DNS反解析是指,将IP地址反解析成域名: Version: MySQL Community ...

  6. IP address could not be resolved: Temporary failure in name resolution

    今早发现mysql日志中有非常多例如以下的警告: 140724 18:41:25 [Warning] IP address '172.16.18.217' could not be resolved: ...

  7. 如何在没有显示器的情况下,查看 Raspberry Pi 3的 IP 信息(Raspberry Pi 3 ,IP Address)

    1. 如何在没有显示器的情况下,查看 Raspberry Pi 3的 IP 信息(Raspberry Pi 3 ,IP Address) 1 IP Address Any device connect ...

  8. 错误RSA host key for [ip address] has changed and you have requested strict checking.

    @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@ WARNING: REMOTE HOST IDENTIFICATION HAS ...

  9. 解决办法: RSA host key for [ip address] has changed and you have requested strict checking.

    在服务器重装后想要远程连接服务器,报错如下: @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@ @ WARNING: REMOTE ...

随机推荐

  1. python操作word(改课文格式)【最终版】

    python操作word的一些方法,前面写了一些感悟,有点跑题,改了下题目,方便能搜索到.心急的可以直接拉到最后看代码,我都加了比较详细的注释. 从8.3号早上9点,到8.8号下午5点半下班,终于把这 ...

  2. 演练:创建和注册自定义 HTTP 模块

    本演练演示自定义 HTTP 模块的基本功能. 对于每个请求,都需要调用 HTTP 模块以响应 BeginRequest 和 EndRequest 事件. 因此,该模块在处理请求之前和之后运行. 如果 ...

  3. am335x 打开内部 RTC

    AM335X 打开内部 RTC 过程记录. kernel version: 3.2.0 先在 make menuconfig 里面打开内部RTC的配置: make menuconfig Device ...

  4. am335x alsa codec调试

    root@phyCORE-AM335x:~ aplay -l**** List of PLAYBACK Hardware Devices ****card 0: audio [PCM051 audio ...

  5. 同过增强Connection类[重写了close的方法]实现的从连接池取出连接并放回连接的简单的实现流程

    package tk.dong.connection.util; import java.io.IOException;import java.io.InputStream;import java.i ...

  6. java调用kettle_导入jar包(1)

    版权声明:本文为博主原创文章,未经博主允许不得转载. Java调用Kettle执行任务或转换,需要使用Kettle中的jar,可以先导入lib目录中的几个基本的jar,如:kettle-core.ja ...

  7. 关于Unity中场景视图的使用

    1.在任何状态下,按下鼠标中键可以切换到手掌的那个状态,可以移动当前场景 2.在手掌的那个状态,按住鼠标左键是移动场景视图,右键是视角绕着摄像机移动,按住alt+鼠标左键,是绕着指定物体旋转视角 3. ...

  8. .bss,.data,.text,.rodata

    那天工作时候发现build的时候发现问题, 问题内容是:.text的空间太小了. 我一直以为写代码,就真是弄懂代码怎么写,式样书怎么写,或者弄懂代码的问题所在, 没有想到在build的时候出现问题.结 ...

  9. jqgrid demo

    本人是用php写的,相信只要稍微用点时间看本人写的,就一定能看懂 前台代码 <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//E ...

  10. 使用spring + ActiveMQ 总结

    使用spring + ActiveMQ 总结   摘要 Spring 整合JMS 基于ActiveMQ 实现消息的发送接收 目录[-] Spring 整合JMS 基于ActiveMQ 实现消息的发送接 ...