I have 2 web servers, and at some time, web server A will need to request some data from web server B and for that it needs to send user's IP address. However, if I just call file_get_contents() on A server, B will detect IP address of server A and not from the user. Second option will be to pass IP address in query string, but nginx on server B is compiled with geoip module and i find country code in variable $_SERVER['COUNTRY_CODE'].
So my question, is there any way using CURL to pass user's IP address from server A to server B in the request? Probably I need to set some header and that header will be taken in consideration by geoip module?
Use this on server A:
curl www.domain.tld --header "X-Forwarded-For: xxx.xxx.xxx.xxx"
You need to replace client IP with xxx.xxx.xxx.xxx on server A.
Depending on your application you may need to instruct it to validate X-Forwarded-For on server B.
Related
Hello I was wondering is it possible to forward a client/visitor ip address to another site via redirect or curl. For example lets say when a visitor comes to my site I want to do a redirect and send them to site1.com. But instead of requesting that website using my ip address, I want to forward their ip address and use their very own ip address. Or for instance lets say I want to do a curl request, but instead of using my server's ip address, I want to forward their ip address and use their's. Is this possible? Or can anyone point me in the right direction?? Thanks
1) A Visitor Visits My Site
2) Visitor IP Address Gets Forwarded And Visitor Gets Redirected To Another
Site
3) The Requesting Webpage See's Visitor IP Address Instead Of Mines
Due to Forwarding
You cannot use someone else's IP address when making HTTP requests (say, via CURL or sockets) because it's your server that is doing the request, and IP addresses are detected by the remote server (you have no control over them).
However, you can send a header that defines the user's IP address and that you're making the request on their behalf. X-Forwarded-For is commonly used for that. It is up to the remote server to honor this header.
CURL example:
curl_setopt($ch, CURLOPT_HTTPHEADER, [
"X-Forwarded-For: " . $_SERVER['REMOTE_ADDR']
]);
I would try to explain in diagrams
[REST SERVER] <--------> [JAVASCRIPT BASED WEBSITE] <--------> [USER]
192.168.0.2 192.168.0.3 192.168.0.123
How can I get the IP of the website that consumes the REST server instead of the USER's IP.
I tried using $_SERVER['REMOTE_ADDR'] and $_SERVER['HTTP_REFERRER'] but they both return the IP of the user.
Is it possible in the web? I'm using PHP for my REST server.
I'll assume here that you mean the website is hosted on 192.168.0.3. This means the user will be downloading the Javascript and HTML data from said server, and then execute it locally on 192.168.0.123. That Javascript is then going to make remote calls to the REST service from that local IP.
You want to know how to get the IP of the server that hosted the Javascript/HTML files before the client downloaded them, presumably in a reliable fashion. And the answer is that this is not possible. Because your actual schema looks like this:
[JAVASCRIPT BASED WEBSITE] <--------> [USER]
192.168.0.3 192.168.0.123
^
|
[REST SERVER] <--------------------------+
192.168.0.2
You cannot do this securely. You will have to make the javascript pass this to the server. And since javascript is run client side, this can be spoofed.
And even then, javascript does not have native functions to get you the IP address of the website. It can give you the domain name though. And then in, for example, PHP you can resolve this domain name to an IP address. Or have the javascript based web server give its IP address directly along. For example with the help of PHP, you can do in javascript: var myIP = '<?php echo $_SERVER['SERVER_ADDR']; ?>';
As a sidenote, the Origin header (can be spoofed) is ment for this purpose but a secure workaround would be some kind of handshake between JS server and REST server.
Javascript based webpage requests a token code via serverside, you put this token code into the javascript and send it to the rest server.
The rest server verifies the token code and then you know for sure where the javascript resides.
This is the only method of verifying the origin, it is not possible via plain IP addresses.
I have a hosting account with a domain, the domain not yet resolved to the IP address (not inserted DNS records yet). I know the IP of the server, and the domain is configured on the server.
Now I want to get the content of the website using PHP (with curl for example).
On my (windows) computer I can simply edit the hosts (windows/system32/drivers/etc/hosts) file to achieve this, but how can this be achieved within a PHP-script?
Backtground information:
I need to run a PHP script on a hosting account where the domainname is under registry. I use DirectAdmin on my own server, and normally the website will also be visible under ipaddress/~username. But as the server is on suPHP strict settings it will not run PHP-code that way. As the script should be working on any webserver, adjusting the suPHP settings to allow this is no option
You could directly use the IP address of the Web Server with manually formed "Host" request header value as your domain name which is under registry.
Assuming your domain name is foo-test.com, it is yet to be added to DNS record but already virtually hosted in a Web Server who is IP address is 1.1.1.1.
(Below example uses command line curl HTTP client)
curl --header "Host: foo-test.com" "http://1.1.1.1"
(Note: Host header value is used by Web Server to identify the virtually hosted Web Sites)
I have a login form on one server, server A. Hosted on another server, server B, I have a script to check the data and return the result. Server B sends the result to server A, but I don't want to pass the result back in the URL or headers with various redirects, because people can spoof a "true/false" to change the result of the login.
e.g.
I can't use HTTPS/SSL as my web host does not support it for free.
You could set up an ssh tunnel between the servers and have the web server on B listen only on localhost:Bs_tunnel_port, while A connects to its localhost:As_tunnel_port.
Or get that SSL thing going... ;)
There are 2 servers A and B. I have my php script in server B.
Now, the client sends some data to server A and server A sends it to server B.
I want to get the IP address on which the request came(that is server A). How can I do it using php?
If I use $_SERVER['REMOTE_ADDR'], I get the clients IP address.
If I use $_SERVER['SERVER_ADDR'], I get the null value.
$_SERVER['SERVER_NAME'] and $_SERVER['HTTP_HOST'] should return the DNS name of the server. If you can use the DNS instead of the IP I think maybe you should try with one of these variables. Although, as mentioned earlier, if $_SERVER['SERVER_ADDR'] isnĀ“t populated you probably have a faulty configuration.
Provide information about server, IIS/Apache, OS, PHP version, it might be easier to help.
Also, try echoing/logging $_SERVER['SERVER_ADDR'] on server A where the request comes in and see if you get a value from there because reading $_SERVER['SERVER_ADDR'] on server B should give you IP of server B. If you get a value on server A you can save/pass the value forward to server B in code (wherever your transaction from server A to B takes place).
"The IP address of the server under which the current script is executing."