Is this property spoofable, or 100% trustworthy?
I want to be certain a request is coming from my box only.
I have to add this sentence because I can’t ask simple questions.
Thank you for visiting the Q&A section on Magenaut. Please note that all the answers may not help you solve the issue immediately. So please treat them as advisements. If you found the post helpful (or not), leave a comment & I’ll get back to you as soon as possible.
Unless someone manipulates your TCP stack it is fully trustable.
it basically is an analysis of the network stack from the IIS layer on whether the request originated locally – most likely by coming from a 127.0.0.x address (yes, localhost is the whole at that time C network, not just 127.0.0.1).
There is no way to establish a TCp connection with a fake origin, so this data can be trusted.
indicates via decompiling it checks on 127.0.0.1 and ::1 – both are the common localhost addresses.
Again, and still, this is totally not fakeable unless you manipualte the network stack or the .net framework classes.
Thought it was because it relies on the IP, however it doesn’t work for me on Azure. So, to answer your question it’s not 100%, no.