HTTP The Definitive Guide

Early web pioneers tried using the IP address of the client as a form of identification. This scheme
works if each user has a distinct IP address, if the IP address seldom (if ever) changes, and if the web
server can determine the client IP address for each request. While the client IP address typically is not
present in the HTTP headers,
[1]
web servers can find the IP address of the other side of the TCP
connection carrying the HTTP request.
[1]
As we'll see later, some proxies do add a Client-ip header, but this is not part of the HTTP standard.
For example, on Unix systems, the getpeername function call returns the client IP address of the
sending machine:
status = getpeername(tcp_connection_socket,...);
Unfortunately, using the client IP address to identify the user has numerous weaknesses that limit its
effectiveness as a user-identification technology:

Client IP addresses describe only the computer being used, not the user. If multiple users
share the same computer, they will be indistinguishable.

Many Internet service providers dynamically assign IP addresses to users when they log in.
Each time they log in, they get a different address, so web servers can't assume that IP
addresses will identify a user across login sessions.

To enhance security and manage scarce addresses, many users browse the Internet through
Network Address Translation (NAT) firewalls. These NAT devices obscure the IP addresses
of the real clients behind the firewall, converting the actual client IP address into a single,
shared firewall IP address (and different port numbers).

HTTP proxies and gateways typically open new TCP connections to the origin server. The
web server will see the IP address of the proxy server instead of that of the client. Some
proxies attempt to work around this problem by adding special Client-ip or X-Forwarded-For
HTTP extension headers to preserve the original IP address (Figure 11-1). But not all proxies
support this behavior.

Some web sites still use client IP addresses to keep track of the users between sessions, but not many.
There are too many places where IP address targeting doesn't work well.
A few sites even use client IP addresses as a security feature, serving documents only to users from a
particular IP address. While this may be adequate within the confines of an intranet, it breaks down in
the Internet, primarily because of the ease with which IP addresses are spoofed (forged). The presence
of intercepting proxies in the path also breaks this scheme. Chapter 14 discusses much stronger
schemes for controlling access to privileged documents.

Client IP Address Client Identification的更多相关文章

  1. Get Client IP

    How to get a user's client IP address in ASP.NET? Often you will want to know the IP address of some ...

  2. Linux Force DHCP Client (dhclient) to Renew IP Address

    http://www.cyberciti.biz/faq/howto-linux-renew-dhcp-client-ip-address/‘m using Ubuntu Linux. How to ...

  3. Get the client's IP address in socket.io

    From: https://www.wentong.org/codex/question-2018081564702.html When using socket.IO in a Node.js se ...

  4. Ubuntu setup Static IP Address

    Change Ubuntu Server from DHCP to a Static IP Address If the Ubuntu Server installer has set your se ...

  5. MySQL [Warning]: IP address 'xxxx' could not be resolved: Name or service not known

    MySQL的error log 出现大量的 DNS反解析错误. DNS解析是指,将 域名解析成ip地址: DNS反解析是指,将IP地址反解析成域名: Version: MySQL Community ...

  6. IP address could not be resolved: Temporary failure in name resolution

    今早发现mysql日志中有非常多例如以下的警告: 140724 18:41:25 [Warning] IP address '172.16.18.217' could not be resolved: ...

  7. 如何在没有显示器的情况下,查看 Raspberry Pi 3的 IP 信息(Raspberry Pi 3 ,IP Address)

    1. 如何在没有显示器的情况下,查看 Raspberry Pi 3的 IP 信息(Raspberry Pi 3 ,IP Address) 1 IP Address Any device connect ...

  8. 错误RSA host key for [ip address] has changed and you have requested strict checking.

    @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@ WARNING: REMOTE HOST IDENTIFICATION HAS ...

  9. 解决办法: RSA host key for [ip address] has changed and you have requested strict checking.

    在服务器重装后想要远程连接服务器,报错如下: @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@ @ WARNING: REMOTE ...

随机推荐

  1. linux之backtrace

    backtrace用于打印函数调用堆栈 /******************************************************************************* ...

  2. 【转】在MAC下配置MySQL 5.7 数据库的编码问题

    1.MySQL 5.7 for MAC 默认没有my.cnf文件 ,首先 新建my.cnf文件: 2.在my.cnf文件追加 1 2 3 4 5 6 7 8 [mysqld] character-se ...

  3. 为女票写的计算工作时间的SQL(二)

    将非工作时间.非工作日.节假日去掉,计算工作时间,如下: 一.实现 -- 节假日表 CREATE TABLE Holiday ( id ) NOT NULL, DATE ), flag ) , PRI ...

  4. python右键不显示IDLE

    打开注册表,在HKEY_CLASSES_ROOT\SystemFileAssociations中添加.py\shell\Edit with IDLE\command(右键 ->‘新建’ -> ...

  5. 无需看到你的脸就能认出你——实现Beyond Frontal Faces: Improving Person Recognition Using Multiple Cues

    今年年初Facebook AI Research发布了一篇名为Beyond Frontal Faces: Improving Person Recognition Using Multiple Cue ...

  6. SpringBoot配置使用jsp页面技术

    SpringBoot配置使用jsp页面技术 1.pom配置 package配置必须为war类型 添加依赖 <packaging>war</packaging> <depe ...

  7. Oracle拉出在sqlserver建表的语句

    我们将Oracle数据同步到sqlserver时,是先得在sqlserver端建表的. 复杂的字段我们不同步,就仅仅考虑以下四种数据类型. Oracle到SQLServer做的映射: int -> ...

  8. 在windows中将Tomcat作为服务启动

    http://www.cnblogs.com/chuyuhuashi/archive/2012/04/28/2475315.html ————————————————————————————————— ...

  9. [android] android 获取网络连接信息

    效果图:  工具类 /** * 获取网络连接信息 * * 根据NetworkInfo可以知道有很多的连接方式和信息 * * ① 当没有任何可用网络的时候,networkinfo为null 判断netw ...

  10. web 开发之nginx--- 阿里云部署nginx

    http://blog.csdn.net/zhangjingyangguang/article/details/7441268 http://www.cnblogs.com/languoliang/a ...