Client IP Address Client Identification
HTTP The Definitive Guide
Early web pioneers tried using the IP address of the client as a form of identification. This scheme
works if each user has a distinct IP address, if the IP address seldom (if ever) changes, and if the web
server can determine the client IP address for each request. While the client IP address typically is not
present in the HTTP headers,[1] web servers can find the IP address of the other side of the TCP
connection carrying the HTTP request.
[1] As we'll see later, some proxies do add a Client-ip header, but this is not part of the HTTP standard.
For example, on Unix systems, the getpeername function call returns the client IP address of the
sending machine:
status = getpeername(tcp_connection_socket,...);
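A complete form of that call, as an added example that is not from the book: the hypothetical helper peer_ip() wraps getpeername for IPv4 and IPv6 sockets, and demo_loopback() is a constructed test that accepts one connection on 127.0.0.1 and reports the address the server sees.

```c
#include <arpa/inet.h>
#include <netinet/in.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <unistd.h>

/* Numeric address of fd's peer into buf; 0 on success, -1 if not connected. */
int peer_ip(int fd, char *buf, size_t len) {
    struct sockaddr_storage ss;          /* big enough for IPv4 and IPv6 */
    socklen_t sl = sizeof ss;
    const void *addr;
    if (getpeername(fd, (struct sockaddr *)&ss, &sl) != 0)
        return -1;
    if (ss.ss_family == AF_INET)
        addr = &((struct sockaddr_in *)&ss)->sin_addr;
    else if (ss.ss_family == AF_INET6)
        addr = &((struct sockaddr_in6 *)&ss)->sin6_addr;
    else
        return -1;
    return inet_ntop(ss.ss_family, addr, buf, (socklen_t)len) ? 0 : -1;
}

/* Constructed demo: accept one loopback connection, report who connected. */
int demo_loopback(char *buf, size_t len) {
    struct sockaddr_in a;
    socklen_t al = sizeof a;
    int rc = -1, conn = -1;
    int srv = socket(AF_INET, SOCK_STREAM, 0), cli = socket(AF_INET, SOCK_STREAM, 0);
    memset(&a, 0, sizeof a);
    a.sin_family = AF_INET;
    a.sin_addr.s_addr = htonl(INADDR_LOOPBACK);   /* port 0: kernel picks one */
    if (srv >= 0 && cli >= 0 &&
        bind(srv, (struct sockaddr *)&a, sizeof a) == 0 &&
        listen(srv, 1) == 0 &&
        getsockname(srv, (struct sockaddr *)&a, &al) == 0 &&
        connect(cli, (struct sockaddr *)&a, sizeof a) == 0 &&
        (conn = accept(srv, NULL, NULL)) >= 0)
        rc = peer_ip(conn, buf, len);             /* server's view of the client */
    if (conn >= 0) close(conn);
    if (cli >= 0) close(cli);
    if (srv >= 0) close(srv);
    return rc;
}

int main(void) {
    char ip[INET6_ADDRSTRLEN];
    if (demo_loopback(ip, sizeof ip) == 0) printf("peer: %s\n", ip);
    return 0;
}
```

The address returned is that of whatever machine opened the TCP connection, which is the limitation the following list describes.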
Unfortunately, using the client IP address to identify the user has numerous weaknesses that limit its
effectiveness as a user-identification technology:
• Client IP addresses describe only the computer being used, not the user. If multiple users
  share the same computer, they will be indistinguishable.
• Many Internet service providers dynamically assign IP addresses to users when they log in.
  Each time they log in, they get a different address, so web servers can't assume that IP
  addresses will identify a user across login sessions.
• To enhance security and manage scarce addresses, many users browse the Internet through
  Network Address Translation (NAT) firewalls. These NAT devices obscure the IP addresses
  of the real clients behind the firewall, converting the actual client IP address into a single,
  shared firewall IP address (and different port numbers).
• HTTP proxies and gateways typically open new TCP connections to the origin server. The
  web server will see the IP address of the proxy server instead of that of the client. Some
  proxies attempt to work around this problem by adding special Client-ip or X-Forwarded-For
  HTTP extension headers to preserve the original IP address (Figure 11-1). But not all proxies
  support this behavior.
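How a server can combine the TCP peer address with X-Forwarded-For without trusting a header that any client can write, as an added example that is not from the book. The function client_ip() and the TRUSTED proxy list are hypothetical, the addresses are constructed, and the sketch handles IPv4 only.

```c
#include <arpa/inet.h>
#include <stdio.h>
#include <string.h>

/* Constructed list: the proxies this origin server is deployed behind. */
static const char *TRUSTED[] = { "10.0.0.5", "10.0.0.6" };

static int is_trusted(const char *ip) {
    struct in_addr a, t;
    if (inet_pton(AF_INET, ip, &a) != 1) return 0;
    for (size_t i = 0; i < sizeof TRUSTED / sizeof *TRUSTED; i++)
        if (inet_pton(AF_INET, TRUSTED[i], &t) == 1 && a.s_addr == t.s_addr)
            return 1;
    return 0;
}

/* peer: address reported by getpeername(); xff: X-Forwarded-For value or NULL.
 * Writes into out the farthest hop vouched for by a trusted proxy. */
const char *client_ip(const char *peer, const char *xff, char *out, size_t len) {
    char hdr[256];
    struct in_addr a;
    snprintf(out, len, "%s", peer);          /* default: the TCP peer itself */
    if (!xff || !is_trusted(peer) || strlen(xff) >= sizeof hdr)
        return out;                          /* header came from an unknown sender */
    strcpy(hdr, xff);
    for (;;) {                               /* walk entries right to left */
        char *comma = strrchr(hdr, ',');
        char *tok = comma ? comma + 1 : hdr;
        tok += strspn(tok, " \t");
        tok[strcspn(tok, " \t")] = '\0';
        if (inet_pton(AF_INET, tok, &a) != 1)
            return out;                      /* malformed: stop at last good hop */
        snprintf(out, len, "%s", tok);
        if (!comma || !is_trusted(tok))
            return out;                      /* entries further left are unverified */
        *comma = '\0';                       /* entry was our proxy: keep walking */
    }
}

int main(void) {
    char ip[INET_ADDRSTRLEN];
    puts(client_ip("10.0.0.5", "192.0.2.1, 198.51.100.7, 10.0.0.6", ip, sizeof ip));
    puts(client_ip("203.0.113.9", "10.1.1.1", ip, sizeof ip));
    return 0;
}
```

In the first call the leftmost entry 192.0.2.1 is ignored because it was supplied by a host outside the trusted list; in the second the header is ignored entirely because the TCP peer is not a known proxy.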


Some web sites still use client IP addresses to keep track of the users between sessions, but not many.
There are too many places where IP address targeting doesn't work well.
A few sites even use client IP addresses as a security feature, serving documents only to users from a
particular IP address. While this may be adequate within the confines of an intranet, it breaks down in
the Internet, primarily because of the ease with which IP addresses are spoofed (forged). The presence
of intercepting proxies in the path also breaks this scheme. Chapter 14 discusses much stronger
schemes for controlling access to privileged documents.