|
curl虽然功能强大,但是只能伪造$_server["http_x_forwarded_for"],对于大多数ip地址检测程序来说,$_server["remote_addr"]很难被伪造:
首先是client.php的代码
| 01 |
$headers['CLIENT-IP'] = '202.103.229.40'; |
| 02 |
$headers['X-FORWARDED-FOR'] = '202.103.229.40'; |
| 05 |
foreach( $headers as $n => $v ) { |
| 06 |
$headerArr[] = $n .':' . $v; |
| 11 |
curl_setopt ($ch, CURLOPT_URL, "http://localhost/curl/server.php"); |
| 12 |
curl_setopt ($ch, CURLOPT_HTTPHEADER , $headerArr ); //构造IP |
| 13 |
curl_setopt ($ch, CURLOPT_REFERER, "http://www.163.com/ "); //构造来路 |
| 14 |
curl_setopt( $ch, CURLOPT_HEADER, 1); |
| 18 |
$out = ob_get_contents(); |
然后是server.php
| 02 |
if(!emptyempty($_SERVER["HTTP_CLIENT_IP"])) |
| 03 |
$cip = $_SERVER["HTTP_CLIENT_IP"]; |
| 04 |
else if(!emptyempty($_SERVER["HTTP_X_FORWARDED_FOR"])) |
| 05 |
$cip = $_SERVER["HTTP_X_FORWARDED_FOR"]; |
| 06 |
else if(!emptyempty($_SERVER["REMOTE_ADDR"])) |
| 07 |
$cip = $_SERVER["REMOTE_ADDR"]; |
| 12 |
echo "
访问IP: ".GetIP()."
"; |
| 13 |
echo "
访问来路: ".$_SERVER["HTTP_REFERER"]; |
| 
广告![ThinkPHP5快速开发企业站点[全程实录]](https://img.php.cn/upload/course/000/000/068/6253d918a3ce7278.png)
收藏
707
