I want to verify the Googlebot using the following function. But this function does not support ipv6
php document for gethostbyaddr()
One solution was mentioned in the link below, but it does not work :
A solution that does not work
I want to get the domain name and then match it with the following statements:
google.com
googlebot.com
In the following link, you can see examples of Google IP:
https://www.lifewire.com/what-is-the-ip-address-of-google-818153
Do you know a solution to this issue?
If the client sent the request using IPv4, then you'll get the IPv4 address. If your server is serving IPV6 they sent the request using IPv6, you'll get the IPv6 address.
A client will send a request to your server using only one protocol.
Related
I am running into an issue in relation to security and verification. I have a software that checks to confirm a user, and I need to make sure it's the same client sending a PHP request and a node server request. However, on the node server, the client's IP is shown in IPv4, and on the PHP it is shown in IPv6. Is there any way I can get the same output somewhere, for example extract the IPv6 on the node server, or the IPv4 on the PHP server? Thanks.
Obtaining the same IP or verifying that it is the same client despite a "different" IPv4 and IPv6
The problem is that IPv6 and IPv4 are not coupled in any way. There's no way to deduce a v6 address from the v4 address or the other way around.
In my humble opionion, verifying users by their IP addresses is something you should avoid as IP addresses are spoofable, and the practice leads to these kind of issues. That said, there are a couple of "solutions".
Disable IPv6 on the webserver that's hosting the PHP application. Since you haven't mentioned which type of webserver this is, you should be able to google something like 'disable ipv6 apache' on how to achieve this. This should garantuee an identical IPv4 address on both servers. I personally don't particularly like this solution as it hinders IPv6 adoption.
Enable IPv6 on the node server. Please note that clients can still prefer IPv4 over IPv6 for any reason at all and there's no way to garantuee that it will use IPv6 to both webservers.
You could proxy all calls from one webserver to the other and pass the original IP in for example an 'X-Forwarded-For' header. This will introduce some overhead, but the source IP will be stabler.
Personally, I'd shy away from using the IP address and implement some sort of token stored on the client that can be verified on both servers by means of a shared database if that is an option.
i have a litle php website which shows the ip adress from the visitor. I have seen other sites which can show the IPv4 and the IPv6 Adress. When i visit my page i only see the IPv6 adress. When i visit for example wieistmeineip.de i see both (even without javascript). I think they let the client make a second request on a server that only excepts IPv4. Have any one a solution for that? What would be the easiest way to only except IPv4 on an second server and to get both request from the client?
Thanks a lot
Frank
I'm working a PHP script to try and resolve a vague URL (for example typing in facebook.com) as an absolute url (such as https://www.facebook.com); similar to what your browser does on a daily basis using PHP.
So far I've got the following code:
$link = gethostbyname("facebook.com");
This provides an IPV4 address, which works, but then when I reverse lookup using:
$link2 = gethostbyaddr($link);
I'm expecting to receive a valid URL like "https://www.facebook.com", but instead, I get garbage such as "'edge-star-mini-shv-13-atn1.facebook.com'"
This then breaks any hope of using fopen or curl to try and read the contents of the webpage.
Can anyone explain what's gone wrong here and how I can resolve it?
EDIT: Attempting an insecure URL like "google.co.uk" returns "'lhr25s10-in-f3.1e100.net'", so it's not something to do with secure HTTP (HTTPS)
gethostbyaddr gets a hostname, not a URL, for an IP address.
Multiple hostnames can be assigned to a single IP address.
gethostbyaddr will get the default one.
An HTTP server listening on that IP address will handle requests to all the hostnames.
An HTTP request includes a request header called Host which specifies which hostname you are asking for.
The HTTP server can pay attention to that header and serve up different content for different hostnames. This allows multiple websites to be hosted on a single IP address. This is very useful since IPv4 addresses are in limited supply and there are many, many websites.
You are getting the default hostname for the computer hosting facebook.com, but the webserver isn't hosting the website you want on that hostname.
I have seen this page and plenty others, but all propose solution not suitable for me. I have same problem that the one in link I provided.
I am trying to use Google+ API functions, so users can log in to my page with Google account.
When I had redirect_uri to localhost:
$client->setRedirectUri("https://localhost/...");
everything worked. But then I changed it to local ip 192.168.1.10 and get error (on url https://accounts.google.com/o/oauth2/auth?response_type=code&redirect_uri=https%3A%2F%2F192.168.1.10.......)
That’s an error.
Error: invalid_request
device_id and device_name are required for private IP:
I don't know what should I do. I use PHP server wrappers.
I can not change etc/hosts because I am also trying my code on mobile (Android, IPAD). So, local IP is necessary, to test it on Mobile. I want to avoid setting up a test page on some real server, because testing web page on localhost is the fastest way, when still developing the page.
If you cannot change the hosts file of some of your devices, I guess your best bet is to use a local DNS server to fake a domain, just like you would do with an entry in your /etc/hosts.
This answer should help you with this:
https://unix.stackexchange.com/a/64944
If you set your devices to use your computer as nameserver it should be possible to spoof a domain and use this domain for testing oauth2 authentication.
Here is some more information about this error:
http://developers.blog.box.com/2012/12/19/going-beyond-oauth2-byod-in-the-enterprise/
device_id and devive_name are mentioned in the specs as well: https://datatracker.ietf.org/doc/html/draft-ietf-oauth-v2-31#section-3.2.1
Google does not accept a local (private) IP address when doing Oauth or API calls. Instead, you can add an entry in your Windows hosts file for the local IP: \Windows\System32\drivers\etc
192.168.1.10 fakedomain.com
Then use fakedomain.com to callback URI in google instead of your local IP address.
Finally browse the service with http://fakedomain.com
Can some one help me to read out the IPv6?
I tried this Working with IPv6 Addresses in PHP but it does not work for me..
There is no problem to get the IPv4 over
echo $_SERVER['REMOTE_ADDR'];
but can someone tell me how i get the IPv6?
This Site can read both (IPv4 and IPv6): http://ipv6-test.com/api/. But I try it without any api, is that possible?
Thanks
You have the right idea, but the request has to be made with IPv6 if you want an IPv6 address.
The site you link to probably works by having a page that loads resource from a server only accessible via IPv6. If it works, then you know the address.
I would just build a site that fires off AJAX requests to the same server, one via IPv4 and one via IPv6. Use its IP addresses to rule out any local DNS issues where IPv6 may not be supported.