remote ip address

[Ben Aroia]

I am going to be using a simple ip limiting system on a site I'm working
on and using php you can get the remote ip simply by calling something
like
<?php echo $REMOTE_ADDR; ?>
Is there a similar method in ruby? I am not using rails, not supported
on the server I'm using. Thanks

 

[Iñaki Baz Castillo]

El Domingo, 30 de Marzo de 2008, Ben Aroia escribi=C3=B3:

I am going to be using a simple ip limiting system on a site I'm working
on and using php you can get the remote ip simply by calling something
like
<?php echo $REMOTE_ADDR; ?>
Is there a similar method in ruby? I am not using rails, not supported
on the server I'm using. Thanks

That depends on the Ruby web server you are using. The source IP is obtaine=
d=20
from the connection Ruby socket (if Ruby handles the conecction) but if you=
=20
are using a web server that is the responsible of handling the TCP connecti=
on=20
and providing the origin addressort in form of variable and so.



=2D-=20
I=C3=B1aki Baz Castillo

 

[Ben Aroia]

El Domingo, 30 de Marzo de 2008, Ben Aroia escribió:

That depends on the Ruby web server you are using. The source IP is
obtained
from the connection Ruby socket (if Ruby handles the conecction) but if
you
are using a web server that is the responsible of handling the TCP
connection
and providing the origin addressort in form of variable and so.

Apache/1.3.34 Ben-SSL/1.55 is the server info. It goes index.php has a
form that is submitted using GET to /ruby.rb. ruby.rb generates the
content for the page depending on the form input. I'm not sure if I'm
all that clear. It's not a ruby web server. It's just a script on a web
server.

 

[Iñaki Baz Castillo]

El Domingo, 30 de Marzo de 2008, Ben Aroia escribi=C3=B3:

Apache/1.3.34 Ben-SSL/1.55 is the server info. It goes index.php has a
form that is submitted using GET to /ruby.rb. ruby.rb generates the
content for the page depending on the form input. I'm not sure if I'm
all that clear. It's not a ruby web server. It's just a script on a web
server.

So, does PHP call to a Ruby script?

If that, the only way is that PHP passes the source address as a parameter =
to=20
the Ruby script. Note that in your case Ruby is not handling the socket at=
=20
ALL, so it's no way to get the address IPort except passing it as=20
parameter.



=2D-=20
I=C3=B1aki Baz Castillo

 

[Ben Aroia]

El Domingo, 30 de Marzo de 2008, Ben Aroia escribió:


So, does PHP call to a Ruby script?

If that, the only way is that PHP passes the source address as a
parameter to
the Ruby script. Note that in your case Ruby is not handling the socket
at
ALL, so it's no way to get the address IPort except passing it as
parameter.

Ah. Ok. Thanks.

 

[Martin Boese]

The remote ip is a CGI parameters. All webservers should set this, you can=
=20
read it with (assuming you use CGI):

require 'cgi'
$stderr.puts "Remote Addr: #{CGI.new.remote_addr}"

Martin

 

[Ben Aroia]

The remote ip is a CGI parameters. All webservers should set this, you
can
read it with (assuming you use CGI):

require 'cgi'
$stderr.puts "Remote Addr: #{CGI.new.remote_addr}"

Martin

Thanks. I simply did the following:
<?php
echo "<input type=\"hidden\" name = \"ip\" value=\"".$REMOTE_ADDR."\" />
<br />";
?>
and then a
ip = cgi['ip'] in the ruby script.

 

[Arlen Cuss]

[Note: parts of this message were removed to make it a legal post.]

Hi,

<?php
echo "<input type=\"hidden\" name = \"ip\" value=\"".$REMOTE_ADDR."\" />
<br />";
?>
and then a
ip = cgi['ip'] in the ruby script.

This is dangerous to rely on. From a security point of a view (why do you
want their IP anyway? question #1.), anyone could just submit a different
`ip' value and you'd record that.

See take Martin's advice as is: CGI.new.remote_addr will return the address
without it being submitted via the PHP script, hence this line of `attack'
is eliminated.

Cheers,
Arlen.

 

[Ben Aroia]

Hi,
....
This is dangerous to rely on. From a security point of a view (why do
you
want their IP anyway? question #1.), anyone could just submit a
different
`ip' value and you'd record that.

See take Martin's advice as is: CGI.new.remote_addr will return the
address
without it being submitted via the PHP script, hence this line of
`attack'
is eliminated.

Cheers,
Arlen.

Very good point and I'll consider it. I'm simply using it to get a
general idea of how many times people access it.