HTTP The Definitive Guide

Early web pioneers tried using the IP address of the client as a form of identification. This scheme
works if each user has a distinct IP address, if the IP address seldom (if ever) changes, and if the web
server can determine the client IP address for each request. While the client IP address typically is not
present in the HTTP headers,
[1]
web servers can find the IP address of the other side of the TCP
connection carrying the HTTP request.
[1]
As we'll see later, some proxies do add a Client-ip header, but this is not part of the HTTP standard.
For example, on Unix systems, the getpeername function call returns the client IP address of the
sending machine:
status = getpeername(tcp_connection_socket,...);
Unfortunately, using the client IP address to identify the user has numerous weaknesses that limit its
effectiveness as a user-identification technology:

Client IP addresses describe only the computer being used, not the user. If multiple users
share the same computer, they will be indistinguishable.

Many Internet service providers dynamically assign IP addresses to users when they log in.
Each time they log in, they get a different address, so web servers can't assume that IP
addresses will identify a user across login sessions.

To enhance security and manage scarce addresses, many users browse the Internet through
Network Address Translation (NAT) firewalls. These NAT devices obscure the IP addresses
of the real clients behind the firewall, converting the actual client IP address into a single,
shared firewall IP address (and different port numbers).

HTTP proxies and gateways typically open new TCP connections to the origin server. The
web server will see the IP address of the proxy server instead of that of the client. Some
proxies attempt to work around this problem by adding special Client-ip or X-Forwarded-For
HTTP extension headers to preserve the original IP address (Figure 11-1). But not all proxies
support this behavior.

Some web sites still use client IP addresses to keep track of the users between sessions, but not many.
There are too many places where IP address targeting doesn't work well.
A few sites even use client IP addresses as a security feature, serving documents only to users from a
particular IP address. While this may be adequate within the confines of an intranet, it breaks down in
the Internet, primarily because of the ease with which IP addresses are spoofed (forged). The presence
of intercepting proxies in the path also breaks this scheme. Chapter 14 discusses much stronger
schemes for controlling access to privileged documents.

Client IP Address Client Identification的更多相关文章

  1. Get Client IP

    How to get a user's client IP address in ASP.NET? Often you will want to know the IP address of some ...

  2. Linux Force DHCP Client (dhclient) to Renew IP Address

    http://www.cyberciti.biz/faq/howto-linux-renew-dhcp-client-ip-address/‘m using Ubuntu Linux. How to ...

  3. Get the client's IP address in socket.io

    From: https://www.wentong.org/codex/question-2018081564702.html When using socket.IO in a Node.js se ...

  4. Ubuntu setup Static IP Address

    Change Ubuntu Server from DHCP to a Static IP Address If the Ubuntu Server installer has set your se ...

  5. MySQL [Warning]: IP address 'xxxx' could not be resolved: Name or service not known

    MySQL的error log 出现大量的 DNS反解析错误. DNS解析是指,将 域名解析成ip地址: DNS反解析是指,将IP地址反解析成域名: Version: MySQL Community ...

  6. IP address could not be resolved: Temporary failure in name resolution

    今早发现mysql日志中有非常多例如以下的警告: 140724 18:41:25 [Warning] IP address '172.16.18.217' could not be resolved: ...

  7. 如何在没有显示器的情况下,查看 Raspberry Pi 3的 IP 信息(Raspberry Pi 3 ,IP Address)

    1. 如何在没有显示器的情况下,查看 Raspberry Pi 3的 IP 信息(Raspberry Pi 3 ,IP Address) 1 IP Address Any device connect ...

  8. 错误RSA host key for [ip address] has changed and you have requested strict checking.

    @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@ WARNING: REMOTE HOST IDENTIFICATION HAS ...

  9. 解决办法: RSA host key for [ip address] has changed and you have requested strict checking.

    在服务器重装后想要远程连接服务器,报错如下: @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@ @ WARNING: REMOTE ...

随机推荐

  1. struts2设置非默认路径的struts.properties以及.properties文件解决方案

    一.web应用的classpath简介    classpath路径在每个J2ee项目中都会用到,即WEB-INF下面的classes目录,所有src目录下面的java.xml.properties等 ...

  2. 孙源即将分享 DynamicCocoa 实现细节

    孙源即将分享 DynamicCocoa 实现细节   我的公众号之前发的一文中提到滴滴做了一个很牛逼的动态化方案 DynamicCocoa.该方案设计得非常精巧,解决了两种不同的语言在代码上如何等价生 ...

  3. form之action的绝对路径与相对路径

    1.当你的form要提交到你自己的站点之外的URL的时候,就采取绝对路径: <form action="http://www.xxx.yyy:zzzz/mmm/nn/kkk.jsp&q ...

  4. CGPathCreateMutable

      ios 图形与动画学习笔记 构造路径(CGPathCreateMutable) 一系列点放在一起,构成了一个形状.一系列的形状放在一起,构成了一个路径. /* 路径属于我们正在绘制他们的上下文.路 ...

  5. ajax——三级联动下拉列表框的优化(简化页面,用jquery插件代替原来页面代码,返回处理数据类型为"TEXT")

    数据库: 主页面 <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://ww ...

  6. C++ c++与C语言的区别(三目运算符,const修饰符)

    //区别⑦:三目运算符(C++版本) #include<iostream> using namespace std; //三目运算符 C语言返回变量的值 C++语言是返回变量本身 void ...

  7. 关于Unity中调试C#的方法

    1.断点输出语句 在感觉有问题的地方的上下文写一些输出语句,如果控制台只有输出上文,没有输出下文,那么可以知道,上下文之间的语句有问题,因为下文没执行到,没有输出语句. Debug.Log(" ...

  8. php -- php的事务处理

    MYSQL的事务处理主要有两种方法. 1.用begin,rollback,commit来实现 begin 开始一个事务 rollback 事务回滚 commit 事务确认 2.直接用set来改变mys ...

  9. php -- 文件操作(创建、复制、移动、删除)

    创建 文件夹 bool mkdir ( string $pathname [, int $mode = 0777 [, bool $recursive = false [, resource $con ...

  10. hdu 1233 还是畅通project

    本题链接:点击打开链接 本题大意: 有n个村庄,n*(n-1)/2条路,输入每条路所连接是哪两个村庄及长度,求使全部村庄均连通(并不是都两两连通) 所铺公路的最短路程. 解题思路: 使用并查集基础及K ...