curl虽然功能强大,但是只能伪造$_SERVER["HTTP_X_FORWARDED_FOR"],对于大多数IP地址检测程序来说,$_SERVER["REMOTE_ADDR"]很难被伪造:
首先是client.php的代码
$headers['CLIENT-IP'] = '202.103.229.40'; $headers['X-FORWARDED-FOR'] = '202.103.229.40'; $headerArr = array(); foreach( $headers as $n => $v ) { $headerArr[] = $n .':' . $v; } ob_start(); $ch = curl_init(); curl_setopt ($ch, CURLOPT_URL, "http://localhost/curl/server.php"); curl_setopt ($ch, CURLOPT_HTTPHEADER , $headerArr ); //构造IP curl_setopt ($ch, CURLOPT_REFERER, "http://www.163.com/ "); //构造来路 curl_setopt( $ch, CURLOPT_HEADER, 1); curl_exec($ch); curl_close ($ch); $out = ob_get_contents(); ob_clean(); echo $out;
然后是server.php
function GetIP(){ if(!emptyempty($_SERVER["HTTP_CLIENT_IP"])) $cip = $_SERVER["HTTP_CLIENT_IP"]; else if(!emptyempty($_SERVER["HTTP_X_FORWARDED_FOR"])) $cip = $_SERVER["HTTP_X_FORWARDED_FOR"]; else if(!emptyempty($_SERVER["REMOTE_ADDR"])) $cip = $_SERVER["REMOTE_ADDR"]; else $cip = "无法获取!"; return $cip; } echo " 访问IP: ".GetIP()." "; echo " 访问来路: ".$_SERVER["HTTP_REFERER"];