I have created a website and I want to allow specific IP addresses to be able to visit this website.
After some research I found out that IP addresses might change everyday. Is there any way to obtain the new addresses?
网站如何跟踪IP地址[关闭]
- 写回答
- 好问题 0 提建议
- 追加酬金
- 关注问题
- 邀请回答
-
1条回答 默认 最新
- douminfu8033 2013-12-06 11:44关注
IP Addresses change depending on the ISP of the user viewing your website. Some will be assigned a static IP, while many home users may be assigned a dynamic IP that could change on a varying basis.
There are a few different options to handling user authentication, with varying levels of usability:
Use a login form and create users. You will have to create a database to store encrypted passwords and other user data.
Use a login with IP address whitelisting. You can detect the origin of the server request using the
$_SERVER['REMOTE_ADDR']
variable in PHP. Note that if the user is going through a proxy, you will be returned the proxy IP and not the users. You can require a login from anyone outside your array of whitelisted IPs.-
A small sample script to set up your database:
$ msyql -u root -pYourPassword > CREATE DATABASE mysite; > CREATE TABLE users (id TINYINT NOT NULL AUTO_INCREMENT, name VARCHAR(30), password VARCHAR(60), email VARCHAR(30), PRIMARY KEY (id));
That's it for creating a very simple database. For security, you should always salt passwords prior to passing them through the MySQL PASSWORD() function.
-
If you aren't comfortable using a database, you can manage user login credentials using htaccess. It is simple and offers no extra fringe benefits or manageability that would come with a programmatic login.
#just a basic login AuthType Basic AuthName "Login Required" #the absolute path to your htpasswd. you can use relative, just be conscious if you move either file AuthUserFile /path/to/.htpasswd #if you don't have this, your already limited security is blown Require valid-user
-
Wherever the .htpasswd is according to the htaccess, you will have a file
.htpasswd
with one line per user that looks something like:john:$apr1$j08c8l7h$ck52z9GqO0VTgKY5OMerV0
-
Whenever using the .htaccess method, you should own and chmod 600 the files to ensure only the Apache user can read them:
chown www-data:www-data .htaccess && chmod 600 .htaccess chown www-data:www-data /path/to/.htpasswd && chmod 600 .htpasswd
I would highly recommend using a standard login system with your information stored in a MySQL (or postgres, oracle, etc) database. You noted yourself that IP addresses do change, and frequently updating and managing access to a site using only a list of IP addresses is neither efficient or secure.
本回答被题主选为最佳回答 , 对您是否有帮助呢?解决 无用评论 打赏 举报
悬赏问题
- ¥100 iOS开发关于快捷指令截屏后如何将截屏(或从截屏中提取出的文本)回传给本应用并打开指定页面
- ¥15 unity连接Sqlserver
- ¥15 图中这种约束条件lingo该怎么表示出来
- ¥15 VSCode里的Prettier如何实现等式赋值后的对齐效果?
- ¥15 流式socket文件传输答疑
- ¥20 keepalive配置业务服务双机单活的方法。业务服务一定是要双机单活的方式
- ¥50 关于多次提交POST数据后,无法获取到POST数据参数的问题
- ¥15 win10,这种情况怎么办
- ¥15 如何在配置使用Prettier的VSCode中通过Better Align插件来对齐等式?(相关搜索:格式化)
- ¥100 在连接内网VPN时,如何同时保持互联网连接