curl虽然功能强大,但是只能伪造$_SERVER["HTTP_X_FORWARDED_FOR"],对于大多数IP地址检测程序来说,$_SERVER["REMOTE_ADDR"]很难被伪造: 首先是client.php的代码 01 $headers['CLIENT-IP'] ='202.103.229.40'; 02
curl虽然功能强大,但是只能伪造$_SERVER["HTTP_X_FORWARDED_FOR"],对于大多数IP地址检测程序来说,$_SERVER["REMOTE_ADDR"]很难被伪造:
首先是client.php的代码
01 $headers['CLIENT-IP'] = '202.103.229.40'; 02 $headers['X-FORWARDED-FOR'] = '202.103.229.40'; 03 04 $headerArr = array(); 05 foreach( $headers as $n => $v ) { 06 $headerArr[] = $n .':' . $v; 07 } 08 09 ob_start(); 10 $ch = curl_init(); 11 curl_setopt ($ch, CURLOPT_URL, "http://localhost/curl/server.php"); 12 curl_setopt ($ch, CURLOPT_HTTPHEADER , $headerArr ); //构造IP 13 curl_setopt ($ch, CURLOPT_REFERER, "http://www.163.com/ "); //构造来路 14 curl_setopt( $ch, CURLOPT_HEADER, 1); 15 16 curl_exec($ch); 17 curl_close ($ch); 18 $out = ob_get_contents(); 19 ob_clean(); 20 21 echo $out;然后是server.php
01 function GetIP(){ 02 if(!emptyempty($_SERVER["HTTP_CLIENT_IP"])) 03 $cip = $_SERVER["HTTP_CLIENT_IP"]; 04 else if(!emptyempty($_SERVER["HTTP_X_FORWARDED_FOR"])) 05 $cip = $_SERVER["HTTP_X_FORWARDED_FOR"]; 06 else if(!emptyempty($_SERVER["REMOTE_ADDR"])) 07 $cip = $_SERVER["REMOTE_ADDR"]; 08 else 09 $cip = "无法获取!"; 10 return $cip; 11 } 12 echo "<br>访问IP: ".GetIP()."<br>"; 13 echo "<br>访问来路: ".$_SERVER["HTTP_REFERER"];