I have the following scenario. A person makes a request to my server, a controller handles this request. Inside this controller code I have a logic that makes another GET request to some endpoint. Is it possible to have/make the request to this GET endpoint on behalf of this person's IP address (use it as a proxy) instead of the server's IP address ??
If your server is making this request, server IP will be used, this is legit. As for http, you can use x-forwarded-for header to point recipient that your server is used like proxy for client.
Another solution is to force client to make this request via some sort of callbacks.
Related
To obtain the client IP address in my ASP.NET application I've used the X-Forwarded-For, and get the first IP address from the list (accordingly to the information I've found, there is a client, proxy1, proxy2..). But I've heard recently that it is better to get this information from X-Forwarded-IP header because the client IP address in X-Forwarded-For can be modified by proxy, what is the difference, and which one address should I use?
X-Forwarded-For is the conventional way of identifying the originating IP address of the user connecting to the web server coming from either a HTTP proxy, load balancer.
X-Forwarded-IP is the conventional way of identifying the originating IP address of the user connecting to the email server through an HTTP mail service.
X-Forwarded-For is a non-standard header, introduced originally by Squid. It is a proxy- specific header, that helps a server identify the original requestor of a call that did pass-through the proxy - so obviously any proxy on the request path should/will modify X-Forwarded-For. Without proxy on the request path, this header shouldn't even be in the request.
Because this header is non-standard, there is no guarantee you'll get it, and the way it is handled can differ on the proxy implementation. You have no guarantee either that it will contain a proper IP.
Since 2014, the IETF has approved a standard header definition for proxy, called "Forwarded", documented here https://www.rfc-editor.org/rfc/rfc7239 that should be use instead of X-Forwarded headers. This is the one you should use reliably to get originating IP in case your request is handled by a proxy.
In general, the proxy headers (Forwarded or X-Forwarded-For) are the right way to get your client IP only when you are sure they come to you via a proxy. If there is no proxy header or no usable value in, you should default to the REMOTE_ADDR server variable.
I have a web service access from my server IP, But I want to make an script and place on my server to let enduser connected to the script as relay for WSDL (requests and responses - SMS Services).
It's like a branch from the base. however I need to count requestes on my scripts too.
Unfortunately I don't have access to WSDL server code.
Also the enduser have to use the original WSDL (SOAP - php) client and I can't change enduser codes too.
So I have to ask enduser to connect to my server just like the original WSDL server then relay any request to WSDL server and same for resposes.
I can write a big class and Peer to Peer with many lines of codes. but I think there are better way for do this.
Any better Idea or solution?
To provide service orchestration, as SOAP web services are service interface based, it's better to implement the source WSDL on your side. Also, you have an option to set up a pass-through reverse proxy and the key point is rewriting SOAP requests and response address URL to your proxy server address. There are some solutions:
Use Nginx as a reverse proxy here is a related article by Jeff Geerling.
With WSO2 ESB you can set up pass-through SOAP proxy and inject your logic code, as far as I know, it supports PHP (I already did it with Java).
Write an HTTP reverse proxy program with PHP and don't forget to rewrite SOAP, WSDL requests and response address URLs with proxy server address. Here is an example.
You have another option to orchestrate the SMS service and counter service as a Restful service and make it transparent for the client.
I'm in the process of building my first API driven app. I am looking for a way to retrieve the server IP address that is making the request.
Here's the workflow.
[User Website] => Sends Auth Request To [API Server]
When the user makes the auth request from their website, I want the API server to retrieve the IP address of the users website. Right now, I've went through $_SERVER and it will either give me MY IP address from the API server or it will give me the IP address of the Users computer, NOT the IP address from their website.
Here's an example
[user:24.64.64.192] => BROWSER => [user-website:74.68.125.194] => API Request => [API Server:25.25.192.168]
Right now I can only get either 25.25.192.168 or 24.64.64.192. What I need to get is 74.68.125.194, {IP addresses are fictionalized}
So how can [API Server] retrieve 74.68.125.194 when the auth request is made?
Unless, I am missing something, the only thing I can think of doing is attaching the IP address as a parameter in my auth request
The IP Address of the device that made request is in $_SERVER['REMOTE_ADDR'];
But if you are using a reverse proxy or client website is connecting to your server through standard proxy you will find proxy's IP there because it's proxy that is forwarding the request to your server. In that case you want to look for $_SERVER['HTTP_X_FORWARDED_FOR'] or $_SERVER['HTTP_CLIENT_IP'] whether these values are set depends on the proxy.
As #Joe said in comments. If you can find the user's IP adress in these fields the request to API is coming directly from user's browser not from the user's website server. In that case you can't find the IP of website server because it's not involved in this request.
You might create some workaround (in JS) that would determine website server's IP and include it in API request.
What the cURL sends to the request's address? The PHP script is hosted on a dedicated server. When I'm accessing the script, is it sending my IP address or the server's one with a referer? I was always wondering this.
Since the PHP server is making the request, it is sending its own IP address.
I am using CURL along with a proxy provider to get data from certain website,
but when I try to make a request fiddler displays information only from the file using CURL and not from the proxy IP that actually makes the main request and brings the data.
How can I do to display what is being sent/received from the proxy request (proxy IP) in fiddler monitor? can I use fsockopen instead?
NOTE: As you may know a proxy is a mediator between the client and the server, in this case I am using CURL to retrieve information using a proxy provider as mentioned before, what I want to display in the Fiddler monitor is the request among the proxy and the requested website and not through the file using CURL which is already displayed.
Thank you.
You'd need access to the proxy server. e.g. given
you -> proxy -> site_you_want
you only have access to the you -> proxy connection, and cannot see what's happening on the proxy -> site_you_want link. That's a whole different machine and tcp connection, which you cannot access from where you're sitting.