Reputation: 4036
From the perspective of an ASP.Net web form, can the Request.UserHostAddress be trusted?
I have a web form that needs to act differently if the request to that form came from an internal network address or from a public IP address. I'm trying within my web form to determine if the request is from an internal network IP. Can I reliably do this, or can clients fake their source IP? Can I trust the information contained in Request.UserHostAddress?
Upvotes: 0
Views: 307
Answers (2)
Reputation: 449783
IP Spoofing is basically possible: Wikipedia but has limited use (as far as I understand, it is very hard to actually pull any data that way)
Best thing would of course be to route/restrict traffic on firewall or proxy level (establish a rule that allows local traffic only going to your site) to create maximum security.
Upvotes: 1
Reputation: 116987
No, you can't unfortunately. It's pretty trivial to construct an HTTP request with spoofed headers.
Upvotes: 1
Related Questions
- What kind of results can I expect from Request.UserHostAddress?
- Is Request.IsLocal secure or can it be spoofed?
- System.Web.HttpContext.Current.Request.UserHostAddress;
- need to store IP address, is Request.UserHostAddress ok to use?
- Can Request.UserHostAddress.ToString() be spoofed ? asp.net 4.0 - iis 7.5
- What is the difference between Request.ServerVariables["REMOTE_ADDR"] and Request.UserHostAddress?
- Is it possible to spoof HttpRequest.UserHostAddress (REMOTE_ADDR)?
- ASP.NET question regarding getting the IP address of a user
- Is Request.ServerVariables["REMOTE_ADDR"] reliable enough?
- Do all web requests contain the requestor's IP?