I'm in the process of building my first API driven app. I am looking for a way to retrieve the server IP address that is making the request.
Here's the workflow.
[User Website] => Sends Auth Request To [API Server]
When the user makes the auth request from their website, I want the API server to retrieve the IP address of the users website. Right now, I've went through $_SERVER and it will either give me MY IP address from the API server or it will give me the IP address of the Users computer, NOT the IP address from their website.
Here's an example
[user:24.64.64.192] => BROWSER => [user-website:74.68.125.194] => API Request => [API Server:25.25.192.168]
Right now I can only get either 25.25.192.168 or 24.64.64.192. What I need to get is 74.68.125.194, {IP addresses are fictionalized}
So how can [API Server] retrieve 74.68.125.194 when the auth request is made?
Unless, I am missing something, the only thing I can think of doing is attaching the IP address as a parameter in my auth request
The IP Address of the device that made request is in $_SERVER['REMOTE_ADDR'];
But if you are using a reverse proxy or client website is connecting to your server through standard proxy you will find proxy's IP there because it's proxy that is forwarding the request to your server. In that case you want to look for $_SERVER['HTTP_X_FORWARDED_FOR'] or $_SERVER['HTTP_CLIENT_IP'] whether these values are set depends on the proxy.
As #Joe said in comments. If you can find the user's IP adress in these fields the request to API is coming directly from user's browser not from the user's website server. In that case you can't find the IP of website server because it's not involved in this request.
You might create some workaround (in JS) that would determine website server's IP and include it in API request.
Related
So why am I need my own ip by using get content? I want to use some tv channels which is m3u8 file and using m3u8?wmsAuthSign=code
wmsAuthSign code is changing everytime the page refresh it self and they are getting ip adrress inside of that code.
So i can't play the tv channel by my servers ip !
the code i gave down below is just an example :D
<?php
$myURL = "https://whatismyipaddress.com/ip-lookup";
$lines = file($myURL);
echo $lines[145];
?>
Is there any way that i can change it to my one ip adresse?
If you mean the client (browsers) IP:
That code is being executed on your server, so the machine fetching that URL is your server. The response then has your server's IP address.
If you want to get the IP address of the user that's accessing the server, you could use some of the $_SERVER variables (like $_SERVER['REMOTE_ADDR']) but due to the way the internet works, that may not be the user's IP address.
Your best bet there is to use javascript that runs on the user's browser to identify the user's IP address - though, since that is really under the user's control, you can't be certain it's accurate either.
If you mean you're getting the IP of a different server, not your web server: the method you're using only determines the IP address of the server acting as a gateway to the greater internet. If your web server is behind a firewall, you'll be getting the IP of the firewall. You may want to identify the web server's local IP address instead.
Because the server is executing the PHP code and is requesting the website, if you want to get the IP address of the current user see How to get the client IP address in PHP?
I have a PHP application in front of me that reads the IP address of the user from $_SERVER['REMOTE_ADDR'].
I don't seem to quite understand how it gets populated. I assume that it is basically reading the client IP address from the request headers. Is that correct?
Note:
I am not asking about whether it is providing the client IP address or not. The documentation already states that fact. I am more interested in the knowing about the "how". Is it retrieving the IP address implicitly from the request headers?
Not a network expert in any way, but as it's an HTTP request, it gets delivered over a TCP connection. The webserver populates $_SERVER['REMOTE_ADDR'] from a TCP socket that is used to communicate with the browser.
Hello I was wondering is it possible to forward a client/visitor ip address to another site via redirect or curl. For example lets say when a visitor comes to my site I want to do a redirect and send them to site1.com. But instead of requesting that website using my ip address, I want to forward their ip address and use their very own ip address. Or for instance lets say I want to do a curl request, but instead of using my server's ip address, I want to forward their ip address and use their's. Is this possible? Or can anyone point me in the right direction?? Thanks
1) A Visitor Visits My Site
2) Visitor IP Address Gets Forwarded And Visitor Gets Redirected To Another
Site
3) The Requesting Webpage See's Visitor IP Address Instead Of Mines
Due to Forwarding
You cannot use someone else's IP address when making HTTP requests (say, via CURL or sockets) because it's your server that is doing the request, and IP addresses are detected by the remote server (you have no control over them).
However, you can send a header that defines the user's IP address and that you're making the request on their behalf. X-Forwarded-For is commonly used for that. It is up to the remote server to honor this header.
CURL example:
curl_setopt($ch, CURLOPT_HTTPHEADER, [
"X-Forwarded-For: " . $_SERVER['REMOTE_ADDR']
]);
I have the following scenario. A person makes a request to my server, a controller handles this request. Inside this controller code I have a logic that makes another GET request to some endpoint. Is it possible to have/make the request to this GET endpoint on behalf of this person's IP address (use it as a proxy) instead of the server's IP address ??
If your server is making this request, server IP will be used, this is legit. As for http, you can use x-forwarded-for header to point recipient that your server is used like proxy for client.
Another solution is to force client to make this request via some sort of callbacks.
I would try to explain in diagrams
[REST SERVER] <--------> [JAVASCRIPT BASED WEBSITE] <--------> [USER]
192.168.0.2 192.168.0.3 192.168.0.123
How can I get the IP of the website that consumes the REST server instead of the USER's IP.
I tried using $_SERVER['REMOTE_ADDR'] and $_SERVER['HTTP_REFERRER'] but they both return the IP of the user.
Is it possible in the web? I'm using PHP for my REST server.
I'll assume here that you mean the website is hosted on 192.168.0.3. This means the user will be downloading the Javascript and HTML data from said server, and then execute it locally on 192.168.0.123. That Javascript is then going to make remote calls to the REST service from that local IP.
You want to know how to get the IP of the server that hosted the Javascript/HTML files before the client downloaded them, presumably in a reliable fashion. And the answer is that this is not possible. Because your actual schema looks like this:
[JAVASCRIPT BASED WEBSITE] <--------> [USER]
192.168.0.3 192.168.0.123
^
|
[REST SERVER] <--------------------------+
192.168.0.2
You cannot do this securely. You will have to make the javascript pass this to the server. And since javascript is run client side, this can be spoofed.
And even then, javascript does not have native functions to get you the IP address of the website. It can give you the domain name though. And then in, for example, PHP you can resolve this domain name to an IP address. Or have the javascript based web server give its IP address directly along. For example with the help of PHP, you can do in javascript: var myIP = '<?php echo $_SERVER['SERVER_ADDR']; ?>';
As a sidenote, the Origin header (can be spoofed) is ment for this purpose but a secure workaround would be some kind of handshake between JS server and REST server.
Javascript based webpage requests a token code via serverside, you put this token code into the javascript and send it to the rest server.
The rest server verifies the token code and then you know for sure where the javascript resides.
This is the only method of verifying the origin, it is not possible via plain IP addresses.