Yes, that's the best way to identify the source IP address in this case.
Can the source IP address be spoofed? Yes - a malicious actor might be coming from a proxy server (or multiple proxy servers). Could someone fake their IP address to look like someone else's (i.e. appear to come from an IP that is legitimately allowed to access your application)? That would be much harder. Not necessarily impossible but certainly harder - unless the source network is compromised or there is some way to "bounce" traffic through that network.
I'm generally not in favour of using source IP as a security measure. Instead, use strong (two-factor) authentication to determine the user identity. Restricting to IP addresses can also have undesired consequences in the event of a disaster - your customer may want to access the service but cannot because they are temporarily coming from a different IP range.