Best unofficial Apache Server developers community

Answers

Is it necessary to validate $_SERVER['REMOTE_ADDR']?

⇧

⇩

54 views

assuming that php is running in web mode via cgi / mod_php / etc...

is it safe to assume that $_SERVER['REMOTE_ADDR'] will exist, and further more, that it will contain a correctly stylized (sorry, terminology may be off here...) ip (1.1.1.1 -> 255.255.255.255?)?

this is not a question regarding weather the ip contained inside $_SERVER['REMOTE_ADDR'] will be a the true ip of the client making the request, as i do understand this can be 'spoofed' by modifying the outbound tcp packets...

just simply:

a) will $_SERVER['REMOTE_ADDR'] always exist if php is ran in web mode. b) if $_SERVER['REMOTE_ADDR'] does always exist, will it always contain a properly syntaxed ip?

thanks.

php apache cgi

asked June 25, 2011 9:01 am CDT

anonymous-one

posted via StackOverflow

1 Answer

⇧

⇩

Yes, it is always present in web mode, and since the IP address is converted from its binary representation to the textual format you're seeing, it is always valid - there is no way to specify an invalid IP in the IP header.

One more thing: Don't assume any special format unless you absolutely must deal with IP addresses. For example, IPv6 addresses are longer and contain different characters. Basically, deal with IP addresses as an opaque string.

answered June 25, 2011 9:23 am CDT

phihag

Your answer

Similar discussion threads

Problem with $_SERVER['REQUEST_URI'];
June 5, 2011 03:23:17 PM
In my nginx server, $_SERVER['REQUEST_URI']; does not work, and returns nothing. When using getenv("REQUEST_URI"); it will returns the url of the current page instead of the reffering url. And in this case, it will return the current filename (e.g.…

SERVER_ADDR and REMOTE_ADDR corrupt?
December 10, 2010 08:09:47 AM
Apache/2.0.63 (Unix) mod_ssl/2.0.63 OpenSSL/0.9.7d DAV/2 Server Sun Solaris 10 (update 8) cgi-bin scripts getting corrupt IP addresses in SERVER_ADDR and REMOTE_ADDR: SERVER_ADDR=28.97.76.182.76.182 REMOTE_ADDR=11.163.130.254130.254 Tried…

Re: SERVER_ADDR and REMOTE_ADDR corrupt?
December 10, 2010 09:16:41 AM
On Fri 10/12/10 14:09 , Mark R Bannister mar### @proseconsulting.co.uk sent: > Apache/2.0.63 (Unix) mod_ssl/2.0.63 OpenSSL/0.9.7d DAV/2 Server > Sun Solaris 10 (update 8) > cgi-bin scripts getting corrupt IP addresses in SERVER_ADDR and…

Re: Issue 993 in cherokee: Dynamic Document Root not in $_SERVER['DOCUMENT_ROOT']; in PHP
February 6, 2011 04:32:16 AM
Updates: Status: Fixed Owner: alobbs Labels: Type-Defect Priority-Medium OpSys-All Component-Logic Comment #3 on issue 993 by alobbs: Dynamic Document Root not in $_SERVER['DOCUMENT_ROOT']; in PHP…

Varnish + nginx with php and REMOTE_ADDR issue using http_realip_module
June 10, 2011 06:43:06 PM
This is a multi-part message in MIME format.This is a multi-part message in MIME format.Hello, Please, I'm trying to use http_realip_module (http://wiki.nginx.org/NginxHttpRealIpModule#real_ip_header) to get the X-Forwarded-For IP in my .php, but…

DO NOT REPLY New: WebappClassLoader.validate(name) does not validate javax.servlet.
August 15, 2010 10:07:41 AM
https://issues.apache.org/bugzilla/show_bug.cgi?id=49750 Summary: WebappClassLoader.validate(name) does not validate javax.servlet. Product: Tomcat 7 Version: trunk Platform: All …

Re: Which XSD file can I use to validate my SCXML before I try to use it?
November 3, 2010 10:38:39 AM
On Wed, Nov 3, 2010 at 11:09 AM, Lee Breisacher <LBreis### @seagullsoftware.com> wrote: > Did anything ever happen with this? I would like to have a set of SCXML xsd files that match commons-scxml. > <snip/> I don't think the…

Cocoon2.2: how-to validate generated xml
June 10, 2010 03:12:22 AM
Hi all, I was looking for a validation transformer for Cocoon2.2 which basically validates according to some schema and does nothing except for throwing a validation exception. Anyone who can point me out if there's documentation on how-to.…

Re: Does mongodb validate data types?
May 31, 2011 01:50:17 AM
Ok, thank you guys!

Does mongodb validate data types?
May 26, 2011 03:37:23 AM
Does mongodb validate data types?

Is there a way to validate before conversions (to_mongo) occur ?
May 6, 2011 09:36:13 AM
Hello, I'm using money and mm-money [1] to store amounts with their currencies in MongoMapper. class Product key :amount, Money end The conversion apparently occurs before the validation, and on some cases Money will raise an error, ex for…

Re: Java GridFS Driver and validate()
September 1, 2010 10:21:53 AM
Its a bug in the java driver when using a non-default bucket. Added a case here: http://jira.mongodb.org/browse/JAVA-160 On Wed, Sep 1, 2010 at 11:06 AM, johndemic <john.### @gmail.com> wrote: > Hey All, > > I'm attempting to save…

Java GridFS Driver and validate()
September 1, 2010 10:11:24 AM
Hey All, I'm attempting to save a file to GridFS with the following code: GridFS gridFS = new GridFS(db, bucket) GridFSInputFile createdFile = gridFS.createFile(file) createdFile.save() createdFile.validate() Using the 2.1 Java…

Re: Validate, method names, class name
April 23, 2011 06:32:18 AM
On Apr 23, 2011, at 7:10, "Jörg Schaible" <joerg.sc### @gmx.de> wrote: > Gary Gregory wrote: > >> Hi All: >> >> I find that the new 'valid' method names in Validate make for odd reading. >> >> I think a…

Re: Validate, method names, class name
April 23, 2011 06:10:59 AM
Gary Gregory wrote: > Hi All: > > I find that the new 'valid' method names in Validate make for odd reading. > > I think a verb like 'validate*' or 'check*' would be better. Especially > when the Javadocs all start with…

Validate nodes on workspace.importXML
March 18, 2011 10:11:40 AM
When importing nodes from an xml file using Workspace.importXML is it possible to validate/reject a node? For example say we want to reject (i.e. don't import) the nodes that have a department property that has a value of accounting? Thanks, …

Restful CXF: How to make JAX-RS validate inbound XML
June 2, 2010 08:07:32 AM
How can I make JAX-RS validate an xml document as part of a RESTful POST request? I have a schema hanging around but have not seen any way to force validation when the document is received. Jon Willard

Validate class with NullPointerException handling
April 12, 2011 02:22:26 PM
Hello, I have some concerns regarding of *Validate* class with the case of null pointer exceptions. I see that there are some misleading messages, for example: Validate.notEmpty((Object[]) null); => throws "java.lang.NullPointerException" with…

Validate an image object on a webpage
June 9, 2010 12:25:46 PM
Is it possible to verify that an image object on a website page is successfully loaded through functional testing on Jmeter? The test case is to validate that all the images (png or jpeg) are loaded properly at any given request time for a website.…

Validate not called after API component creation
January 11, 2011 12:01:18 PM
Hi everyone, I think I discovered a bug with iPojo. I quickly summarize what I do. I've got a class @Component @Provides(strategy = "SERVICE") class A implements B { @Validate public void ready() { // Initialize Stuff } } …

Questions and Answers are licensed under cc-wiki license.

Is it necessary to validate $_SERVER['REMOTE_ADDR']?

1 Answer

Your answer

Join with account you already have