troubleshooting Question

spoofing $REMOTE_ADDR protection

Avatar of gg26gg26
gg26gg26 asked on
PHP
14 Comments3 Solutions3244 ViewsLast Modified:
Hi all,

I have a php based site that users log into using a username and password. They can only access the site from a certain location which I use $REMOTE_ADDR to check this as this location has a fixed IP.

I have been warned that it is easy to spoof this $REMOTE_ADDR variable, which from what I head read on various sites seems to be the case.

Has anyone got any tips that I could use to prevent a user from spoofing their IP to make the system think they are at the specific location?
Sorry, I'm waffling, how can I protect my site against spoofed $REMOTE_ADDR variables?

Thanks in advance

Join the community to see this answer!
Join our exclusive community to see this answer & millions of others.
Unlock 3 Answers and 14 Comments.
Join the Community
Learn from the best

Network and collaborate with thousands of CTOs, CISOs, and IT Pros rooting for you and your success.

Andrew Hancock - VMware vExpert
See if this solution works for you by signing up for a 7 day free trial.
Unlock 3 Answers and 14 Comments.
Try for 7 days

”The time we save is the biggest benefit of E-E to our team. What could take multiple guys 2 hours or more each to find is accessed in around 15 minutes on Experts Exchange.

-Mike Kapnisakis, Warner Bros