dongshuao2309 2013-12-06 11:35
浏览 34
已采纳

网站如何跟踪IP地址[关闭]

I have created a website and I want to allow specific IP addresses to be able to visit this website.
After some research I found out that IP addresses might change everyday. Is there any way to obtain the new addresses?

  • 写回答

1条回答 默认 最新

  • douminfu8033 2013-12-06 11:44
    关注

    IP Addresses change depending on the ISP of the user viewing your website. Some will be assigned a static IP, while many home users may be assigned a dynamic IP that could change on a varying basis.

    There are a few different options to handling user authentication, with varying levels of usability:

    • Use a login form and create users. You will have to create a database to store encrypted passwords and other user data.

    • Use a login with IP address whitelisting. You can detect the origin of the server request using the $_SERVER['REMOTE_ADDR'] variable in PHP. Note that if the user is going through a proxy, you will be returned the proxy IP and not the users. You can require a login from anyone outside your array of whitelisted IPs.

    • A small sample script to set up your database:

      $ msyql -u root -pYourPassword
> CREATE DATABASE mysite;
> CREATE TABLE users (id TINYINT NOT NULL AUTO_INCREMENT, name VARCHAR(30), password VARCHAR(60), email VARCHAR(30), PRIMARY KEY (id));

    That's it for creating a very simple database. For security, you should always salt passwords prior to passing them through the MySQL PASSWORD() function.

    • If you aren't comfortable using a database, you can manage user login credentials using htaccess. It is simple and offers no extra fringe benefits or manageability that would come with a programmatic login.

      #just a basic login
AuthType Basic

AuthName "Login Required"
#the absolute path to your htpasswd. you can use relative, just be conscious if you move either file
AuthUserFile /path/to/.htpasswd
#if you don't have this, your already limited security is blown
Require valid-user

    • Wherever the .htpasswd is according to the htaccess, you will have a file .htpasswd with one line per user that looks something like:

      john:$apr1$j08c8l7h$ck52z9GqO0VTgKY5OMerV0

    • Whenever using the .htaccess method, you should own and chmod 600 the files to ensure only the Apache user can read them:

      chown www-data:www-data .htaccess && chmod 600 .htaccess

chown www-data:www-data /path/to/.htpasswd && chmod 600 .htpasswd

    I would highly recommend using a standard login system with your information stored in a MySQL (or postgres, oracle, etc) database. You noted yourself that IP addresses do change, and frequently updating and managing access to a site using only a list of IP addresses is neither efficient or secure.

    本回答被题主选为最佳回答 , 对您是否有帮助呢?
    评论

报告相同问题?

悬赏问题

  • ¥100 iOS开发关于快捷指令截屏后如何将截屏(或从截屏中提取出的文本)回传给本应用并打开指定页面
  • ¥15 unity连接Sqlserver
  • ¥15 图中这种约束条件lingo该怎么表示出来
  • ¥15 VSCode里的Prettier如何实现等式赋值后的对齐效果?
  • ¥15 流式socket文件传输答疑
  • ¥20 keepalive配置业务服务双机单活的方法。业务服务一定是要双机单活的方式
  • ¥50 关于多次提交POST数据后,无法获取到POST数据参数的问题
  • ¥15 win10,这种情况怎么办
  • ¥15 如何在配置使用Prettier的VSCode中通过Better Align插件来对齐等式?(相关搜索:格式化)
  • ¥100 在连接内网VPN时,如何同时保持互联网连接