Localhost always translates to the loopback IP address 127.0.0.1in IPv4, or ::1in IPv6, So validating the IP Within your application would be secure, if you mean

Localhost 始终转换为127.0.0.1IPv4 或::1IPv6 中的环回 IP 地址，因此如果您的意思是验证应用程序内的 IP 将是安全的

if(IPAddress::In(array("127.0.0.1","::1")))
{
     //Show Application
}

I Very much doubt that you will have a team of elite hackers after your port 80 but as a side note there has been some talk about flaws in relying on an IP address as TCP Packets can be modified.

我非常怀疑在您的端口 80 之后您是否会拥有一支精英黑客团队，但作为旁注，有一些关于依赖 IP 地址的缺陷的讨论，因为 TCP 数据包可以被修改。

But that should not be a worry for you.

但这不应该让你担心。

I'm not sure the answers so far are on point, but it may be me that's confused. I'm responding in particular to the part of your question that says, "not accessible over the Internet". Here's my attempt at an answer:

我不确定到目前为止的答案是否正确，但可能是我感到困惑。我特别回答你的问题中说“无法通过互联网访问”的部分。这是我对答案的尝试：

The web server, not PHP, listens on a socket and accepts connections. PHP can get information about the connection from $_SERVER (http://www.php.net/manual/en/reserved.variables.server.php). Be aware that all you're checking is from whence the connection came - you can't learn anything about whether your server is available via other IP addresses from $_SERVER. For example, I can access my local instance of Apache/PHP via any of:

Web 服务器（而不是 PHP）侦听套接字并接受连接。PHP 可以从 $_SERVER ( http://www.php.net/manual/en/reserved.variables.server.php)获取有关连接的信息。请注意，您正在检查的所有内容都来自连接的来源 - 您无法通过 $_SERVER 的其他 IP 地址了解您的服务器是否可用。例如，我可以通过以下任何方式访问我的本地 Apache/PHP 实例：

• http://localhost/($_SERVER["SERVER_ADDR"] => ::1)
• http://127.0.0.1/($_SERVER["SERVER_ADDR"] => 127.0.0.1)
• http://192.168.75.121/($_SERVER["SERVER_ADDR"] => 192.168.75.121)
• http://shiva.local/($_SERVER["SERVER_ADDR"] => fe80::21c:42ff:fe00:8)

• http://localhost/($_SERVER["SERVER_ADDR"] => ::1)
• http://127.0.0.1/($_SERVER["SERVER_ADDR"] => 127.0.0.1)
• http://192.168.75.121/($_SERVER["SERVER_ADDR"] => 192.168.75.121)
• http://shiva.local/($_SERVER["SERVER_ADDR"] => fe80::21c:42ff:fe00:8)

So, if your plan is that the app is to behave differently upon seeing the "correct" value in $_SERVER["SERVER_ADDR"], you're probably pretty safe - i.e., it's unlikely that could be spoofed by a user from a remote client.

因此，如果您的计划是应用程序在看到 $_SERVER["SERVER_ADDR"] 中的“正确”值时表现出不同的行为，那么您可能非常安全 - 即，它不太可能被远程用户欺骗客户。

Having said all of that, I would not use any of these techniques for either authentication of users or authorization of user privileges/actions on a deployed application that is available over the Internet. The one exception might be if you've got an entire app that is only to be available when accessed from localhost - then this technique probably makes decent sense and will be secure enough for a personal app.

说了这么多，我不会将这些技术中的任何一种用于用户身份验证或对通过 Internet 提供的已部署应用程序的用户权限/操作的授权。一个例外可能是，如果您有一个仅在从本地主机访问时才可用的整个应用程序 - 那么这种技术可能很有意义，并且对于个人应用程序来说足够安全。

You can also check the hostname localhost but if the server address is 127.0.0.1 then it should resolve. This is standard practice on ipv4. On ipv6 you are able to check ::1 as Robert Pitt suggests.

您还可以检查主机名 localhost 但如果服务器地址是 127.0.0.1 那么它应该解析。这是 ipv4 的标准做法。在 ipv6 上，您可以按照罗伯特·皮特的建议检查 ::1。