I would try to explain in diagrams
[REST SERVER] <--------> [JAVASCRIPT BASED WEBSITE] <--------> [USER]
192.168.0.2 192.168.0.3 192.168.0.123
How can I get the IP of the website that consumes the REST server instead of the USER's IP.
I tried using $_SERVER['REMOTE_ADDR'] and $_SERVER['HTTP_REFERRER'] but they both return the IP of the user.
Is it possible in the web? I'm using PHP for my REST server.
I'll assume here that you mean the website is hosted on 192.168.0.3. This means the user will be downloading the Javascript and HTML data from said server, and then execute it locally on 192.168.0.123. That Javascript is then going to make remote calls to the REST service from that local IP.
You want to know how to get the IP of the server that hosted the Javascript/HTML files before the client downloaded them, presumably in a reliable fashion. And the answer is that this is not possible. Because your actual schema looks like this:
[JAVASCRIPT BASED WEBSITE] <--------> [USER]
192.168.0.3 192.168.0.123
^
|
[REST SERVER] <--------------------------+
192.168.0.2
You cannot do this securely. You will have to make the javascript pass this to the server. And since javascript is run client side, this can be spoofed.
And even then, javascript does not have native functions to get you the IP address of the website. It can give you the domain name though. And then in, for example, PHP you can resolve this domain name to an IP address. Or have the javascript based web server give its IP address directly along. For example with the help of PHP, you can do in javascript: var myIP = '<?php echo $_SERVER['SERVER_ADDR']; ?>';
As a sidenote, the Origin header (can be spoofed) is ment for this purpose but a secure workaround would be some kind of handshake between JS server and REST server.
Javascript based webpage requests a token code via serverside, you put this token code into the javascript and send it to the rest server.
The rest server verifies the token code and then you know for sure where the javascript resides.
This is the only method of verifying the origin, it is not possible via plain IP addresses.
Related
So why am I need my own ip by using get content? I want to use some tv channels which is m3u8 file and using m3u8?wmsAuthSign=code
wmsAuthSign code is changing everytime the page refresh it self and they are getting ip adrress inside of that code.
So i can't play the tv channel by my servers ip !
the code i gave down below is just an example :D
<?php
$myURL = "https://whatismyipaddress.com/ip-lookup";
$lines = file($myURL);
echo $lines[145];
?>
Is there any way that i can change it to my one ip adresse?
If you mean the client (browsers) IP:
That code is being executed on your server, so the machine fetching that URL is your server. The response then has your server's IP address.
If you want to get the IP address of the user that's accessing the server, you could use some of the $_SERVER variables (like $_SERVER['REMOTE_ADDR']) but due to the way the internet works, that may not be the user's IP address.
Your best bet there is to use javascript that runs on the user's browser to identify the user's IP address - though, since that is really under the user's control, you can't be certain it's accurate either.
If you mean you're getting the IP of a different server, not your web server: the method you're using only determines the IP address of the server acting as a gateway to the greater internet. If your web server is behind a firewall, you'll be getting the IP of the firewall. You may want to identify the web server's local IP address instead.
Because the server is executing the PHP code and is requesting the website, if you want to get the IP address of the current user see How to get the client IP address in PHP?
I've a very basic tool (for educational purposes) where someone can input string, the tool uses cURL (data sent using AJAX) to bring response data from 3rd party API.
So, my question is, is there any way I can use the user's IP (I'm already getting the user IP using https://api.ipify.org for other personalization purpose in the tool) as a Proxy IP in cURL.
If yes, which port do I have to use (port 80)?
Edit: Here's what I exactly want to do:
Use the client's IP in the PHP cURL query by using a CURLOPT_PROXY field in the curl_setopt. Is this possible?
(I'm already sending the Client's IP to my PHP page (using AJAX) for some other part of server code)
No It's that simple answer.. A major security threat. Would you like if some one uses your IP to DDOS CIA.
Let's say that I have a website somewhere over the internet. At my house there is a raspberry pi.
Can I send data from that website to that raspberry pi?
I have web server on that raspberry pi, and I tried sending a POST request from website, and it worked, but now anyone, who knows how to send POST request can just send that data to raspberry pi. I want to send that data to C++ program, that I'll write. How can I do it?
Can I do it another way, or somehow secure that POST request?
If you want to prevent your users from seeing that is being posted to the RasPi and from tampering with it, you'll need to send that data from the server, not from user's browsers. You can still do this by POSTing to some sort of web service on the RasPi, or you can cache the information on the web server and poll it from the RasPi. In either case, you should protect that flow by requiring that it take place over HTTPS (as opposed to plain-text HTTP) and authenticating the client using either a TLS client certificate or some sort of API key.
Use SSL (secure transmission) - not perfect but will stop a lot
Use a 'nonce' (https://security.stackexchange.com/questions/30519/prevent-cross-domain-form-submission-with-nonce plus google).
Filter requests not coming from the correct IP address (assuming your web server will have a fixed outgoing IP address). [Side note: this is fakable so not perfect]
Individually encrypt each instructions manually, including a shared private key on your webserver and a unique ID embedded in each message. If you get exactly the same encrypted message it's a repeat post can be safely be dropped.
This question already has answers here:
Closed 10 years ago.
Possible Duplicate:
How can a server find real client IP address?
I need to let my users find very quickly and easily their local (LAN) ip.
Our network has a squid proxy so all the users sit behind it (and this is a problem for internal ip detection: all php scrips I've tried are able - at best - to detect proxy's ip and not client's).
Any kind of language working on a LAMP server is welcome...
Also a simple EXE file on Windows could work as "plan b" but I couldn't find anything working.
Following #German Arlington's answer, I think your best bet is configuring Squid to send the X-Forwarded-For header along with HTTP requests:
If set to "on", Squid will append your client's IP address in the HTTP
requests it forwards. By default it looks like:
X-Forwarded-For: 192.1.2.3
Then you will be able to read the ip address in PHP via apache_request_headers()
<?php
$headers = apache_request_headers();
echo $headers["X-Forwarded-For"];
?>
Consider java applet loaded in browser.
Since java uses its own virtual environment, it will be able to show local Ip address to the clients.
Good way to start i guess -> http://reglos.de/myaddress/MyAddress.html
And for Java to obtain IP: How can i check System IP Address/Host Name in Java?
This way you wont have to change current environment. Otherwise it will probably involve squid reconfiguration.
From the comments you have posted i can see that the purpose of presenting the IP to the client is to make them read it to you and allow you to connect remotely. You have also mentioned that running an app on a client side is an option. This immediately pushed me towards BGInfo http://technet.microsoft.com/en-us/sysinternals/bb897557.aspx - especially if the clients operating system is Windows.
The easy Java aplet to put on a page:
function myIP(){ var vi="uses java to get the users local ip number"
var yip2=java.net.InetAddress.getLocalHost();
var yip=yip2.getHostAddress();
return yip;
}//end myIP
alert("your machine's local network IP is "+ myIP())
You may be interested in
http://roshanbh.com.np/2007/12/getting-real-ip-address-in-php.html
and generally in http headers that should contain the information you are looking for
I am trying to find the IP address using as3 in adobe Flash professional cs5.5 and I think it is not possible from AS3 without using any server side technology(maybe I am wrong).
But I don't know any server side technology like PHP..etc.
Can anyone provide an example?
you can get the Local Machine using JavaScript. and also you can develop server side script which will retirve your local machine IP address from request header.
But as per your comments on your question I think you required your local machine IP. it will be get using javascript. But this IP address is not gateway or server side displayed one. Because in home or some fire wall / proxy user has different IP to access internet and local mahcine ip will be LAN IP.
and Javascript code you can call using the External Interface.
Please search for Javascript and ExternInterface code example you will find out many code example through google.
There's a simple and clean way to dynamically get the domain name, but not the IP, of the server hosting the SWF file.
You can use the domain property of the LocalConnection class.
try:
import flash.net.LocalConnection;
var lc:LocalConnection = new LocalConnection();
trace(lc.domain); // Outputs domain name of the hosting server, or `localhost` if ran locally.