test.php文件
| 代码如下 |
复制代码 |
|
ob_start();
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL, "http://www.xxx.cn/test/test2.php");
curl_setopt($ch, CURLOPT_HTTPHEADER, array('X-FORWARDED-FOR:1.1.1.1', 'CLIENT-IP:2.2.2.2')); //伪造IP
curl_setopt($ch, CURLOPT_REFERER, "http://www.111com.net/ "); //伪造来源网址
curl_setopt($ch, CURLOPT_HEADER, 1);
curl_exec($ch);
curl_close($ch);
$out = ob_get_contents();
ob_clean();
echo $out;
?>
|
test2.php文件代码如下
| 代码如下 |
复制代码 |
|
function getClientIp() {
if (!empty($_SERVER["HTTP_CLIENT_IP"]))
$ip = $_SERVER["HTTP_CLIENT_IP"];
else if (!empty($_SERVER["HTTP_X_FORWARDED_FOR"]))
$ip = $_SERVER["HTTP_X_FORWARDED_FOR"];
else if (!empty($_SERVER["REMOTE_ADDR"]))
$ip = $_SERVER["REMOTE_ADDR"];
else
$ip = "err";
return $ip;
}
echo "
IP: " . getClientIp() . " HTTP_CLIENT_IP-: " . $_SERVER["HTTP_CLIENT_IP"] . " HTTP_X_FORWARDED_FOR-: " . $_SERVER["HTTP_X_FORWARDED_FOR"] . " REMOTE_ADDR-: " . $_SERVER["REMOTE_ADDR"] . " ";
echo "
referer: " . $_SERVER["HTTP_REFERER"];
?>
|
执行结果:
HTTP/1.1 200 OK
Server: DWS/01.03Z33
Date: Mon, 09 Jun 2014 09:27:09 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
IP: 2.2.2.2 HTTP_CLIENT_IP-: 2.2.2.2 HTTP_X_FORWARDED_FOR-: 1.1.1.1
REMOTE_ADDR-: 127.0.0.1
referer: http://www.111com.net/
但是暂时还无法伪造骗过:
$_SERVER["REMOTE_ADDR"]。
所以建议大家记录IP时使用$_SERVER["REMOTE_ADDR"]。
