Menu
Forums
All threads
Latest threads
New posts
Trending threads
New posts
Search forums
Trending
What's new
New posts
New profile posts
Latest activity
Members
Current visitors
New profile posts
Search profile posts
Upgrades
Log in
Register
What's new
Search
Search
Search titles only
By:
All threads
Latest threads
New posts
Trending threads
New posts
Search forums
Menu
Log in
Register
Navigation
Install the app
Install
More options
Contact us
Close Menu
Forums
Software Development
Programming
[PHP 7.3^] Kooser Directory.
JavaScript is disabled. For a better experience, please enable JavaScript in your browser before proceeding.
You are using an out of date browser. It may not display this or other websites correctly.
You should upgrade or use an
alternative browser
.
Reply to thread
Message
<blockquote data-quote="BIOS" data-source="post: 453488" data-attributes="member: 15674"><p>Sure you could use modules too that works, but not everyone will be able to do that and people would also have to do more configuration to get it up and running.</p><p></p><p></p><p>You ignored my post. Yes, REMOTE_ADDR is populated by the server so cannot be spoofed so it's the best if you're building it for yourself and know it'll always be correct. But if you're using a CDN and a vanilla server install it'll likely just be your provider's IP for all users. So if you're locking sessions to REMOTE_ADDR then you're not really locking anything, since all users will have the same IP...</p><p></p><p>If you validate the request came from the proxy (by checking it against the provider's IP ranges) & validating the relevant client headers are legitimate IP's - you'd be better using that approach.</p></blockquote><p></p>
[QUOTE="BIOS, post: 453488, member: 15674"] Sure you could use modules too that works, but not everyone will be able to do that and people would also have to do more configuration to get it up and running. You ignored my post. Yes, REMOTE_ADDR is populated by the server so cannot be spoofed so it's the best if you're building it for yourself and know it'll always be correct. But if you're using a CDN and a vanilla server install it'll likely just be your provider's IP for all users. So if you're locking sessions to REMOTE_ADDR then you're not really locking anything, since all users will have the same IP... If you validate the request came from the proxy (by checking it against the provider's IP ranges) & validating the relevant client headers are legitimate IP's - you'd be better using that approach. [/QUOTE]
Insert quotes…
Verification
Post reply
Forums
Software Development
Programming
[PHP 7.3^] Kooser Directory.
Top