问题
I have a web form that needs to act differently if the request to that form came from an internal network address or from a public IP address. I'm trying within my web form to determine if the request is from an internal network IP. Can I reliably do this, or can clients fake their source IP? Can I trust the information contained in Request.UserHostAddress?
回答1:
No, you can't unfortunately. It's pretty trivial to construct an HTTP request with spoofed headers.
回答2:
IP Spoofing is basically possible: Wikipedia but has limited use (as far as I understand, it is very hard to actually pull any data that way)
Best thing would of course be to route/restrict traffic on firewall or proxy level (establish a rule that allows local traffic only going to your site) to create maximum security.
来源:https://stackoverflow.com/questions/1835343/from-the-perspective-of-an-asp-net-web-form-can-the-request-userhostaddress-be