Hello I was wondering is it possible to forward a client/visitor ip address to another site via redirect or curl. For example lets say when a visitor comes to my site I want to do a redirect and send them to site1.com. But instead of requesting that website using my ip address, I want to forward their ip address and use their very own ip address. Or for instance lets say I want to do a curl request, but instead of using my server's ip address, I want to forward their ip address and use their's. Is this possible? Or can anyone point me in the right direction?? Thanks
1) A Visitor Visits My Site
2) Visitor IP Address Gets Forwarded And Visitor Gets Redirected To Another
Site
3) The Requesting Webpage See's Visitor IP Address Instead Of Mines
Due to Forwarding
You cannot use someone else's IP address when making HTTP requests (say, via CURL or sockets) because it's your server that is doing the request, and IP addresses are detected by the remote server (you have no control over them).
However, you can send a header that defines the user's IP address and that you're making the request on their behalf. X-Forwarded-For is commonly used for that. It is up to the remote server to honor this header.
CURL example:
curl_setopt($ch, CURLOPT_HTTPHEADER, [
"X-Forwarded-For: " . $_SERVER['REMOTE_ADDR']
]);
Related
I'm in the process of building my first API driven app. I am looking for a way to retrieve the server IP address that is making the request.
Here's the workflow.
[User Website] => Sends Auth Request To [API Server]
When the user makes the auth request from their website, I want the API server to retrieve the IP address of the users website. Right now, I've went through $_SERVER and it will either give me MY IP address from the API server or it will give me the IP address of the Users computer, NOT the IP address from their website.
Here's an example
[user:24.64.64.192] => BROWSER => [user-website:74.68.125.194] => API Request => [API Server:25.25.192.168]
Right now I can only get either 25.25.192.168 or 24.64.64.192. What I need to get is 74.68.125.194, {IP addresses are fictionalized}
So how can [API Server] retrieve 74.68.125.194 when the auth request is made?
Unless, I am missing something, the only thing I can think of doing is attaching the IP address as a parameter in my auth request
The IP Address of the device that made request is in $_SERVER['REMOTE_ADDR'];
But if you are using a reverse proxy or client website is connecting to your server through standard proxy you will find proxy's IP there because it's proxy that is forwarding the request to your server. In that case you want to look for $_SERVER['HTTP_X_FORWARDED_FOR'] or $_SERVER['HTTP_CLIENT_IP'] whether these values are set depends on the proxy.
As #Joe said in comments. If you can find the user's IP adress in these fields the request to API is coming directly from user's browser not from the user's website server. In that case you can't find the IP of website server because it's not involved in this request.
You might create some workaround (in JS) that would determine website server's IP and include it in API request.
So why am I need my own ip by using get content? I want to use some tv channels which is m3u8 file and using m3u8?wmsAuthSign=code
wmsAuthSign code is changing everytime the page refresh it self and they are getting ip adrress inside of that code.
So i can't play the tv channel by my servers ip !
the code i gave down below is just an example :D
<?php
$myURL = "https://whatismyipaddress.com/ip-lookup";
$lines = file($myURL);
echo $lines[145];
?>
Is there any way that i can change it to my one ip adresse?
If you mean the client (browsers) IP:
That code is being executed on your server, so the machine fetching that URL is your server. The response then has your server's IP address.
If you want to get the IP address of the user that's accessing the server, you could use some of the $_SERVER variables (like $_SERVER['REMOTE_ADDR']) but due to the way the internet works, that may not be the user's IP address.
Your best bet there is to use javascript that runs on the user's browser to identify the user's IP address - though, since that is really under the user's control, you can't be certain it's accurate either.
If you mean you're getting the IP of a different server, not your web server: the method you're using only determines the IP address of the server acting as a gateway to the greater internet. If your web server is behind a firewall, you'll be getting the IP of the firewall. You may want to identify the web server's local IP address instead.
Because the server is executing the PHP code and is requesting the website, if you want to get the IP address of the current user see How to get the client IP address in PHP?
I am working on a WordPress website and have the plugin WP Security installed. It tells me the current IP Address I am on when viewing the website. However the IP address it is producing isn't my correct IP address. I did the same thing on another WordPress website and it did produce the correct IP address.
The reason I'm trying to figure out the IP address is because someone entered their login credentials wrong 5 times. The website is set up so when that happens it locks that person out of website for an hour. Well when this happened it didn't just block their IP address, but blocked our IP address and the clients IP address. And the IP address it said it was blocking was neither of ours.
What could be the reasoning for this single website to be grabbing the incorrect IP address and believing it belongs to us and our client?
EDIT: after looking into it a little more the IP address that is showing up on this website is through Liquid Web, our hosting provider. So it is showing that IP address instead of our current/local IP address.
"All" traffic is routed to your webserver via another server (CDN, Firewall, Nginx etc). Following a failed login attempt the WP plugin is blacklisting this intermediate servers IP address locking everyone out.
Typically php scripts gets the visitors IP frome the REMOTE_ADDR environment variable: but depending on configuration with e.g. intermediate Nginx server REMOTE_ADDR may contain the nginx server IP; and the "real visitor" IP may be in HTTP_X_REAL_IP
You can use this script to: check which environment variable on your site contains the actual visitor IP.
It would be useful if you provided the link to the site from which you got the WP Security plugin.
Solution:
Ask your host provider to configure servers so REMOTE_ADDR on your web server will contain visitors IP; or
If you know which environment var is valid (above); then the security plugin may have a setting to configure accordingly; or
Report as a bug on plugins support forum.
I have 2 web servers, and at some time, web server A will need to request some data from web server B and for that it needs to send user's IP address. However, if I just call file_get_contents() on A server, B will detect IP address of server A and not from the user. Second option will be to pass IP address in query string, but nginx on server B is compiled with geoip module and i find country code in variable $_SERVER['COUNTRY_CODE'].
So my question, is there any way using CURL to pass user's IP address from server A to server B in the request? Probably I need to set some header and that header will be taken in consideration by geoip module?
Use this on server A:
curl www.domain.tld --header "X-Forwarded-For: xxx.xxx.xxx.xxx"
You need to replace client IP with xxx.xxx.xxx.xxx on server A.
Depending on your application you may need to instruct it to validate X-Forwarded-For on server B.
What the cURL sends to the request's address? The PHP script is hosted on a dedicated server. When I'm accessing the script, is it sending my IP address or the server's one with a referer? I was always wondering this.
Since the PHP server is making the request, it is sending its own IP address.