How to check if user is visiting site from our own local network or common internet.
Suppose, If somebody scans the qr code in our restaurant, it links to something, which is checking, are you connected to the local network or you're opening it from global? (no idea how)
Local - redirecting to the local domain (no idea how i can do this also, eg. restaurant.menu)
Global - redirecting to the global domain (eg. menu.com)
You can check the IP of the customer and compare it with IP range of your network. If the customer IP falls in your range redirect the user to local site otherwise to your global site.
You can use $_SERVER['REMOTE_ADDR']; to get IP of user visiting the site from the QR code.
You can setup a dns record for your local IP (external IP). The IPs mentioned in the comment 10.100.109.10-256 are private IPs and not publicly accessible. These wont work, search on google with what is my ip and I am sure you will get many options.
Once done you can create a script which will get user ip address ($_SERVER['REMOTE_ADDR'];) and do a gethostbyaddr() lookup to get the hostname associated with that IP. If the hostname matches the one you have set, your visitor is from a local connection.
For the redirection to work, if your website is hosted on server that is not in the same network as your router then you need to have a public facing domain name (ie. restaurant.menu should be reachable publicly)
A second approach could be to redirect the traffic at the router level. If your router allows you can setup a redirection in the router itself. If it does not you will need to setup a dns server. In this dns server you will specify the desired (local) IP address for the domain. You router needs to have a backup dns to keep resolving other domains.
These are hacks but if implemented correctly they will provide very predictable results.
Related
I plan to make a web application. The workflow will be the client scan QR code using his phone to go to some specific URL.
But interested to me is there any option to I can limit visit that URL if the request didn't comment from a specific WiFi network? I do not want to anybody take a photo and fake requests.
There are multiple ways to do it:
If your specific WiFi network has a fixed WAN IP / IP range, you can write your application to detect the client IP and check if they came from there. You may check $_SERVER['REMOTE_ADDR'] for the client's IP (if your server is not behind reverse proxy). Your server is still publicly available, but your PHP code will only allow the whitelisted IP to access the certain URL path.
If you want even better security, you may place your server in your local network. You can use local IP in your QR code for users to access it. This way, the server will not be available on the internet at all.
I am working on a WordPress website and have the plugin WP Security installed. It tells me the current IP Address I am on when viewing the website. However the IP address it is producing isn't my correct IP address. I did the same thing on another WordPress website and it did produce the correct IP address.
The reason I'm trying to figure out the IP address is because someone entered their login credentials wrong 5 times. The website is set up so when that happens it locks that person out of website for an hour. Well when this happened it didn't just block their IP address, but blocked our IP address and the clients IP address. And the IP address it said it was blocking was neither of ours.
What could be the reasoning for this single website to be grabbing the incorrect IP address and believing it belongs to us and our client?
EDIT: after looking into it a little more the IP address that is showing up on this website is through Liquid Web, our hosting provider. So it is showing that IP address instead of our current/local IP address.
"All" traffic is routed to your webserver via another server (CDN, Firewall, Nginx etc). Following a failed login attempt the WP plugin is blacklisting this intermediate servers IP address locking everyone out.
Typically php scripts gets the visitors IP frome the REMOTE_ADDR environment variable: but depending on configuration with e.g. intermediate Nginx server REMOTE_ADDR may contain the nginx server IP; and the "real visitor" IP may be in HTTP_X_REAL_IP
You can use this script to: check which environment variable on your site contains the actual visitor IP.
It would be useful if you provided the link to the site from which you got the WP Security plugin.
Solution:
Ask your host provider to configure servers so REMOTE_ADDR on your web server will contain visitors IP; or
If you know which environment var is valid (above); then the security plugin may have a setting to configure accordingly; or
Report as a bug on plugins support forum.
I am wondering about a certain server setup.
Lets say I have a web server running on my local network, which is accessible using an url such as www.example.com from within and also outside the network.
I would like my PHP website to be able to determine if a request comes from within the internal LAN or from the outside. I doubt that this will be possible using the IP address as the request will look as if it is coming from a public IP address, and not the internal one 192.168.x.x. Also the public IP might change from time to time.
Would this be possible, and how could i achieve this in PHP?
If your requests comes from inside the lan then the $_SERVER['REMOTE_ADDR'] will be from a private ip address group, if if comes from outside the lan it will not.
Unless you have a poorly configured internal network, but this will probably not be the case.
look here for the correct address groups
http://en.wikipedia.org/wiki/Private_network
If your internal dns server resolves example.com to the public ip then the requests will appear to come from the public ip as well, so if this is the case you also know that the request came from inside.
As long as you know what the external NAT IP range is for your office, you should be able to do this easily be accessing the $_SERVER['REMOTE_ADDR'] value.
I'm hosting my own website on my personal server running Ubuntu server. My public IP address is showing up in the status bar each time someone visits my sites or hovers over one of the links on the pages (i.e. when going to the home page it says waiting for myipaddress/index.php). I have purchased a domain name with godaddy. While I was able to find the option of mask the url in the address bar in the admin page, I was able to find no such option for the status page. Initially, I tried to embed JavaScript code into the php files but I later learnt from various posts (link) that we cannot control what is displayed in the status bar .
All I want to do is to display my domain name instead of my IP address each time the page loads and each time the user hover's over a link. Any ideas of how I should go about this?
You should just have your domain name point to your IP address and setup the site on your server to handle that domain. Then all requests will go to that domain name instead of directly to your IP address.
Note: it's very easy to find the IP address for any web server (based on a domain name) so you can't really hide it, but you can set it up so that it behaves just like any regular site that uses a domain name instead of an IP address.
Have you done anything to connect the webserver and the domain name? You're going to need name servers, often your domain provider will have something you can use, or you can run your own. The name server is like a phone book for websites. It says mydomain.com can be found at IP address 123.whatever. Until you have an entry in a name server 'phone book' you will not be able to access it through that domain name.
You'll also need to setup something on the webserver so it will know what to serve when it gets a request pointed to that domain, if you're using apache, likely it will be a virtual host entry in the appropriate config file.
I'm doing a PHP cURL post, using a complete URL (http://www.mysite.com), from one page to another on the same site. (I know this isn't the best way to do it; but for my purpose this is what I need)
My question is:
Will the cURL post still go out across the internet, do a name lookup and travel a route as though it were a post coming from a different site. Or will the post stay on the servers local network?
There are multiple parts to the request, the dns lookup and the get or post to the site.
DNS Records are usually cached on most OSes, so it's rather unlikely that the server would have to do a dns lookup for it's own external ip, but it's possible.
As for the post, let's assume a basic layout:
Firewall => DMZ Apache PHP Server (www.mysite.com)
222.xxx.xxx.123 => 192.168.0.2
And mysite.com resolves to 222.xxx.xxx.123, then your request will go to your firewall's external interface and bounce back in. That's not terribly public traffic, but it goes out none-the less.
However, if you wanted to bypass that, you could put an entry in the host file of the server to say
127.0.0.1 mysite.com
(assuming you control the server, ie not shared hosting)
No. The post itself (unless you have multiple interfaces and your routing is totally screwed up) will not traverse the internet. Your local host ought to be able to resolve its own name as well, but there is a possibility that a DNS request will be made to determine the IP address corresponding to the name. I would hope that the network stack implementation on your system would prevent the post's packets from even hitting the wire (similar to localhost), but I wouldn't count on it.
It depends on your network setup. Many sites have a domain name pointing to the IP address of a front facing router or load balancer which forward the request to the web server.
If that's the case a request to your own site can make a round-trip to the router. Though it's unlikely that the request will go through the internet unless you have a very unusual setup (such as round robin DNS with multiple datacenters).
You can avoid the round-trip by associating the site FQDN to the loopback interface in your webserver /etc/hosts which will also save you a DNS request.