I want to know about the security issues of using the JSP method request.getRemoteAddr().
I want to filter some client IPs (I can’t use a firewall :-().
I was wondering whether an attacker can change the source IP of the HTTP request this way?
Or is the client IP built from layer 3?
I want to check the security of this method against forging of the HTTP request (similar to IP spoofing, which instead is based on the layer 3 IP).
Thanks to all,
Andrea
The “client” IP address of an HTTP request is actually the IP of the last HTTP proxy. The client can’t spoof it, but if the client uses a proxy (and many do) then the IP address won’t be much help in identifying the source of the request.
It is theoretically possible for a client to spoof the IP address of the proxy, but it is not easy.
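An added example, not code from the thread: a small Java check built on the point above that getRemoteAddr() reports the last hop of the connection. It assumes a reverse proxy you operate yourself that appends the address of its own peer to the X-Forwarded-For header; the class name, method names and all addresses are hypothetical.

```java
import java.util.Set;

public class ClientIpFilter {
    // Proxies we operate ourselves (constructed address, documentation range).
    static final Set<String> TRUSTED_PROXIES = Set.of("192.0.2.10");
    // Clients to reject (constructed address, documentation range).
    static final Set<String> BLOCKED = Set.of("203.0.113.7");

    /**
     * remoteAddr:   value of request.getRemoteAddr(), i.e. the peer of the connection.
     * forwardedFor: value of request.getHeader("X-Forwarded-For"), may be null.
     * Addresses are compared as text; IPv6 normalisation is out of scope here.
     */
    static String effectiveClientIp(String remoteAddr, String forwardedFor) {
        // If the peer is not one of our proxies, the header is client-controlled
        // input and is ignored: only the connection address counts.
        if (!TRUSTED_PROXIES.contains(remoteAddr) || forwardedFor == null) {
            return remoteAddr;
        }
        // Walk the chain right to left. The rightmost entry was appended by our
        // proxy; anything further left was supplied by whoever connected to it.
        String[] hops = forwardedFor.split(",");
        for (int i = hops.length - 1; i >= 0; i--) {
            String hop = hops[i].trim();
            if (!hop.isEmpty() && !TRUSTED_PROXIES.contains(hop)) {
                return hop;
            }
        }
        return remoteAddr;
    }

    static boolean isAllowed(String remoteAddr, String forwardedFor) {
        return !BLOCKED.contains(effectiveClientIp(remoteAddr, forwardedFor));
    }

    public static void main(String[] args) {
        // Direct connection from a listed address, no header.
        System.out.println(isAllowed("203.0.113.7", null));
        // Direct connection from a listed address with a client-supplied header.
        System.out.println(isAllowed("203.0.113.7", "198.51.100.1"));
        // Via our proxy: client-supplied entry first, proxy-appended peer last.
        System.out.println(isAllowed("192.0.2.10", "198.51.100.1, 203.0.113.7"));
        // Via our proxy from an address that is not listed.
        System.out.println(isAllowed("192.0.2.10", "198.51.100.1"));
    }
}
```

In a JSP or servlet the two arguments would come from request.getRemoteAddr() and request.getHeader("X-Forwarded-For").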