Reliability of PHP'S $_SERVER['REMOTE_ADDR']

Question

I\'m building a site that is designed to be administered from localhost, but contains pages that expose data to internet or local network users. Can I rely on PHP\'s

Answer 1

That variable is filled with data provided by Apache (or another web server daemon) and should be reliable in identifying the IP address on the other end of the connection, yes. Check for 127.x.x.x (almost always 127.0.0.1) and ::1 (for IPv6). As Senica says, it may not always exist (for example, when running from the command line rather than through the web server). But if it is filled, it should be reliable.

To be able to fake it, somebody already needs pretty extensive access to your network and system in a way that you can't protect against with PHP anyway.