Asp Forum - remote ip address

Ben Aroia

3/29/2008 11:13:00 PM

I am going to be using a simple ip limiting system on a site I'm working
on and using php you can get the remote ip simply by calling something
like
<?php echo $REMOTE_ADDR; ?>
Is there a similar method in ruby? I am not using rails, not supported
on the server I'm using. Thanks
--
Posted via http://www.ruby-....

8 Answers

Iñaki Baz Castillo

3/29/2008 11:30:00 PM

El Domingo, 30 de Marzo de 2008, Ben Aroia escribi=C3=B3:
> I am going to be using a simple ip limiting system on a site I'm working
> on and using php you can get the remote ip simply by calling something
> like
> <?php echo $REMOTE_ADDR; ?>
> Is there a similar method in ruby? I am not using rails, not supported
> on the server I'm using. Thanks

That depends on the Ruby web server you are using. The source IP is obtaine=
d=20
from the connection Ruby socket (if Ruby handles the conecction) but if you=
=20
are using a web server that is the responsible of handling the TCP connecti=
on=20
and providing the origin address:port in form of variable and so.

=2D-=20
I=C3=B1aki Baz Castillo

Ben Aroia

3/29/2008 11:51:00 PM

IÃ±aki Baz Castillo wrote:
> El Domingo, 30 de Marzo de 2008, Ben Aroia escribiÃ³:
>> I am going to be using a simple ip limiting system on a site I'm working
>> on and using php you can get the remote ip simply by calling something
>> like
>> <?php echo $REMOTE_ADDR; ?>
>> Is there a similar method in ruby? I am not using rails, not supported
>> on the server I'm using. Thanks
>
> That depends on the Ruby web server you are using. The source IP is
> obtained
> from the connection Ruby socket (if Ruby handles the conecction) but if
> you
> are using a web server that is the responsible of handling the TCP
> connection
> and providing the origin address:port in form of variable and so.

Apache/1.3.34 Ben-SSL/1.55 is the server info. It goes index.php has a
form that is submitted using GET to /ruby.rb. ruby.rb generates the
content for the page depending on the form input. I'm not sure if I'm
all that clear. It's not a ruby web server. It's just a script on a web
server.
--
Posted via http://www.ruby-....

Iñaki Baz Castillo

3/29/2008 11:56:00 PM

El Domingo, 30 de Marzo de 2008, Ben Aroia escribi=C3=B3:

> Apache/1.3.34 Ben-SSL/1.55 is the server info. It goes index.php has a
> form that is submitted using GET to /ruby.rb. ruby.rb generates the
> content for the page depending on the form input. I'm not sure if I'm
> all that clear. It's not a ruby web server. It's just a script on a web
> server.

So, does PHP call to a Ruby script?

If that, the only way is that PHP passes the source address as a parameter =
to=20
the Ruby script. Note that in your case Ruby is not handling the socket at=
=20
ALL, so it's no way to get the address IP:port except passing it as=20
parameter.

=2D-=20
I=C3=B1aki Baz Castillo

Ben Aroia

3/29/2008 11:58:00 PM

IÃ±aki Baz Castillo wrote:
> El Domingo, 30 de Marzo de 2008, Ben Aroia escribiÃ³:
>
>> Apache/1.3.34 Ben-SSL/1.55 is the server info. It goes index.php has a
>> form that is submitted using GET to /ruby.rb. ruby.rb generates the
>> content for the page depending on the form input. I'm not sure if I'm
>> all that clear. It's not a ruby web server. It's just a script on a web
>> server.
>
> So, does PHP call to a Ruby script?
>
> If that, the only way is that PHP passes the source address as a
> parameter to
> the Ruby script. Note that in your case Ruby is not handling the socket
> at
> ALL, so it's no way to get the address IP:port except passing it as
> parameter.

Ah. Ok. Thanks.
--
Posted via http://www.ruby-....

Martin Boese

3/30/2008 8:09:00 AM

The remote ip is a CGI parameters. All webservers should set this, you can=
=20
read it with (assuming you use CGI):

require 'cgi'
$stderr.puts "Remote Addr: #{CGI.new.remote_addr}"

Martin

On Sunday 30 March 2008 00:51:25 Ben Aroia wrote:
> I=C3=B1aki Baz Castillo wrote:
> > El Domingo, 30 de Marzo de 2008, Ben Aroia escribi=C3=B3:
> >> I am going to be using a simple ip limiting system on a site I'm worki=
ng
> >> on and using php you can get the remote ip simply by calling something
> >> like
> >> <?php echo $REMOTE_ADDR; ?>
> >> Is there a similar method in ruby? I am not using rails, not supported
> >> on the server I'm using. Thanks
> >
> > That depends on the Ruby web server you are using. The source IP is
> > obtained
> > from the connection Ruby socket (if Ruby handles the conecction) but if
> > you
> > are using a web server that is the responsible of handling the TCP
> > connection
> > and providing the origin address:port in form of variable and so.
>
> Apache/1.3.34 Ben-SSL/1.55 is the server info. It goes index.php has a
> form that is submitted using GET to /ruby.rb. ruby.rb generates the
> content for the page depending on the form input. I'm not sure if I'm
> all that clear. It's not a ruby web server. It's just a script on a web
> server.

Ben Aroia

3/30/2008 8:24:00 AM

Martin Boese wrote:
> The remote ip is a CGI parameters. All webservers should set this, you
> can
> read it with (assuming you use CGI):
>
> require 'cgi'
> $stderr.puts "Remote Addr: #{CGI.new.remote_addr}"
>
> Martin

Thanks. I simply did the following:
<?php
echo "<input type=\"hidden\" name = \"ip\" value=\"".$REMOTE_ADDR."\" />
<br />";
?>
and then a
ip = cgi['ip'] in the ruby script.
--
Posted via http://www.ruby-....

Arlen Cuss

3/30/2008 8:30:00 AM

[Note: parts of this message were removed to make it a legal post.]

Hi,

On Sun, Mar 30, 2008 at 7:24 PM, Ben Aroia <benaroia@gmail.com> wrote:

> <?php
> echo "<input type=\"hidden\" name = \"ip\" value=\"".$REMOTE_ADDR."\" />
> <br />";
> ?>
> and then a
> ip = cgi['ip'] in the ruby script.
>

This is dangerous to rely on. From a security point of a view (why do you
want their IP anyway? question #1.), anyone could just submit a different
`ip' value and you'd record that.

See take Martin's advice as is: CGI.new.remote_addr will return the address
without it being submitted via the PHP script, hence this line of `attack'
is eliminated.

Cheers,
Arlen.

Ben Aroia

3/30/2008 8:38:00 AM

Arlen Cuss wrote:
> Hi,
>....
> This is dangerous to rely on. From a security point of a view (why do
> you
> want their IP anyway? question #1.), anyone could just submit a
> different
> `ip' value and you'd record that.
>
> See take Martin's advice as is: CGI.new.remote_addr will return the
> address
> without it being submitted via the PHP script, hence this line of
> `attack'
> is eliminated.
>
> Cheers,
> Arlen.

Very good point and I'll consider it. I'm simply using it to get a
general idea of how many times people access it.
--
Posted via http://www.ruby-....

comp.lang.ruby

remote ip address

Ben Aroia

Iñaki Baz Castillo

Ben Aroia

Iñaki Baz Castillo

Ben Aroia

Martin Boese

Ben Aroia

Arlen Cuss

Ben Aroia

x Login to ForumsZone