we have a dedicated server which installed nginx.
when I use $_SERVER['REMOTE_ADDR'] this variable return Server IP, because we have Nginx.
I know we should use HTTP_X_REAL_IP or HTTP_X_FORWARDED but we have some PHP application which use REMOTE_ADDR and the source of this applications are coded with IonCube so we cannot change on source of this programs.
Is there any way in nginx configuration to return correct user IP in REMOTE_ADDR not in another indexes ?
Nginx allows you set new environment variables with the env directive. You can read arbitrary headers as variables using using $http_HEADER.
I have not tried this combination of features, but rewriting the REMOTE_ADDR variable in Nginx appears to be what you are looking to do, this appears to be a way to do it.
function get_client_ip()
{
if (!empty($_SERVER['HTTP_CLIENT_IP'])) { // check ip from share internet
$ip = $_SERVER['HTTP_CLIENT_IP'];
} elseif (!empty($_SERVER['HTTP_X_FORWARDED_FOR'])) { // to check ip is pass from proxy
$ip = $_SERVER['HTTP_X_FORWARDED_FOR'];
} else {
$ip = $_SERVER['REMOTE_ADDR'];
}
return $ip;
}
try this?
If there are no stock solutions, patching Nginx to behave as you require would be an approach you could take. An alternative would be to patch PHP so that the desired value is available in $_SERVER['REMOTE_ADDR'].
Related
I am trying to fetch the ip address of my machine through php. For that I am writing the code like:
<?php echo "<br />".$_SERVER['REMOTE_ADDR'];?>
But this piece of code is not working. It is returning "::1".
Please help me how to get the actual IP Address.
::1 is the actual IP. It is an ipv6 loopback address (i.e. localhost). If you were using ipv4 it would be 127.0.0.1.
If you want to get a different IP address, then you'll need to connect to the server through a different network interface.
If you are trying to run localhost, this answer will fix your problem. Just few changes on
apache2/httpd.conf
search all "listen" words
ex:
Listen 80
Make like this.
Listen 127.0.0.1:80
than restart your apache
$_SERVER[REMOTE_ADDR]
will show Listen 127.0.0.1
you can see answer in this detailed answer link
If you mean getting the user's IP address, you can do something like :
<?php
if(!empty($_SERVER['HTTP_CLIENT_IP'])){
$ip=$_SERVER['HTTP_CLIENT_IP'];
}
elseif(!empty($_SERVER['HTTP_X_FORWARDED_FOR'])){
$ip=$_SERVER['HTTP_X_FORWARDED_FOR'];
}
else{
$ip=$_SERVER['REMOTE_ADDR'];
}
?>
<?php echo "<br />".$ip;?>
It will get the user's actual IP address, regardless of proxies etc.
$_SERVER['REMOTE_ADDR'] is the IP address of the client.
$_SERVER['SERVER_ADDR'] is the IP address of the server.
Reference: http://php.net/manual/en/reserved.variables.server.php
Simple answer: You are using it on local server.
Try running
function getUserIpAddr(){
if(!empty($_SERVER['HTTP_CLIENT_IP'])){
//ip from share internet
$ip = $_SERVER['HTTP_CLIENT_IP'];
}elseif(!empty($_SERVER['HTTP_X_FORWARDED_FOR'])){
//ip pass from proxy
$ip = $_SERVER['HTTP_X_FORWARDED_FOR'];
}else{
$ip = $_SERVER['REMOTE_ADDR'];
}
return $ip;
}
echo 'User Real IP - '.getUserIpAddr();
in real server. Or you can also user online php executor.
Look at the output of phpinfo(). If the address is not on that page, then the address is not available directly through PHP.
I am trying to fetch the ip address of my machine through php. For that I am writing the code like:
<?php echo "<br />".$_SERVER['REMOTE_ADDR'];?>
But this piece of code is not working. It is returning "::1".
Please help me how to get the actual IP Address.
::1 is the actual IP. It is an ipv6 loopback address (i.e. localhost). If you were using ipv4 it would be 127.0.0.1.
If you want to get a different IP address, then you'll need to connect to the server through a different network interface.
If you are trying to run localhost, this answer will fix your problem. Just few changes on
apache2/httpd.conf
search all "listen" words
ex:
Listen 80
Make like this.
Listen 127.0.0.1:80
than restart your apache
$_SERVER[REMOTE_ADDR]
will show Listen 127.0.0.1
you can see answer in this detailed answer link
If you mean getting the user's IP address, you can do something like :
<?php
if(!empty($_SERVER['HTTP_CLIENT_IP'])){
$ip=$_SERVER['HTTP_CLIENT_IP'];
}
elseif(!empty($_SERVER['HTTP_X_FORWARDED_FOR'])){
$ip=$_SERVER['HTTP_X_FORWARDED_FOR'];
}
else{
$ip=$_SERVER['REMOTE_ADDR'];
}
?>
<?php echo "<br />".$ip;?>
It will get the user's actual IP address, regardless of proxies etc.
$_SERVER['REMOTE_ADDR'] is the IP address of the client.
$_SERVER['SERVER_ADDR'] is the IP address of the server.
Reference: http://php.net/manual/en/reserved.variables.server.php
Simple answer: You are using it on local server.
Try running
function getUserIpAddr(){
if(!empty($_SERVER['HTTP_CLIENT_IP'])){
//ip from share internet
$ip = $_SERVER['HTTP_CLIENT_IP'];
}elseif(!empty($_SERVER['HTTP_X_FORWARDED_FOR'])){
//ip pass from proxy
$ip = $_SERVER['HTTP_X_FORWARDED_FOR'];
}else{
$ip = $_SERVER['REMOTE_ADDR'];
}
return $ip;
}
echo 'User Real IP - '.getUserIpAddr();
in real server. Or you can also user online php executor.
Look at the output of phpinfo(). If the address is not on that page, then the address is not available directly through PHP.
I'm having trouble getting the IP address of the exit node that hits my hidden service (PHP). No matter what I try, it comes back as local (127.0.0.1), as if it's going through a proxy.
I have Tor configured like this:
HiddenServicePort 80 127.0.0.1:9028
and Lighty like this:
server.port = 9028
which means the hit against the hidden service should arrive through Tor on virtual port 80, get directed to 9028 on Lightly, and then served to the end user.
I have privoxy installed too but I don't believe it has anything to do with Tor hidden services (I've confirmed this thru the privoxy debug logs).
I've tried code like this:
if (!empty($_SERVER['HTTP_CLIENT_IP'])) {
return $_SERVER['HTTP_CLIENT_IP'];
} else if (!empty($_SERVER['HTTP_X_FORWARDED_FOR'])) {
return $_SERVER['HTTP_X_FORWARDED_FOR'];
}
return $_SERVER['REMOTE_ADDR'];
but the headers don't include any forwarding IP information.
What am I missing? Why can't Lightly see the exit node IP address? Is there a way I could configure a proxy in there somewhere that could alter the headers and inject the X-FORWARDED header? I don't care to lookup the exit node in the public database - I just want the IP address.
The reason it sees 127.0.0.1 is because when hidden services are in use - there is no "exit node" in the traditional sense.
Exit nodes are used to route traffic in and out of the Tor network. Since hits to your hidden service are coming from inside the Tor network, no exit node is actually used. Instead when the Tor client wants to access your hidden service it builds a circuit to the service and the connection takes place over the Tor network, to your local Tor client which then proxies the connection (over 127.0.0.1) to your web server.
The only time your hidden service will see an exit node IP is if your hidden service is available over Tor (.onion) and through the internet.
For example you can host your website publicly as usual (e.g. https://torsite.yourdomain.com) so regular & Tor clients (using exit nodes) can access your site. Additionally you can set up your local Tor node to proxy the hidden service (in which case access is strictly within the Tor network) and proxied through localhost.
Since it sounds like you are only hosting a hidden service, all hits from the Tor network will show up as 127.0.0.1 thus indicating they are accessing the service over Tor. Since Tor simply proxies the connection from the network to your local service, no circuit or Tor relay information is passed to the lighttpd.
Hope that makes sense.
See also: https://www.torproject.org/docs/hidden-services.html.en
You need to check more server vars than that. I would do something like this:
$ipaddress = ”;
if ($_SERVER[‘HTTP_CLIENT_IP’] != ‘127.0.0.1’)
$ipaddress = $_SERVER[‘HTTP_CLIENT_IP’];
else if ($_SERVER[‘HTTP_X_FORWARDED_FOR’] != ‘127.0.0.1’)
$ipaddress = $_SERVER[‘HTTP_X_FORWARDED_FOR’];
else if ($_SERVER[‘HTTP_X_FORWARDED’] != ‘127.0.0.1’)
$ipaddress = $_SERVER[‘HTTP_X_FORWARDED’];
else if ($_SERVER[‘HTTP_FORWARDED_FOR’] != ‘127.0.0.1’)
$ipaddress = $_SERVER[‘HTTP_FORWARDED_FOR’];
else if ($_SERVER[‘HTTP_FORWARDED’] != ‘127.0.0.1’)
$ipaddress = $_SERVER[‘HTTP_FORWARDED’];
else if ($_SERVER[‘REMOTE_ADDR’] != ‘127.0.0.1’)
$ipaddress = $_SERVER[‘REMOTE_ADDR’];
else
$ipaddress = 'UNKNOWN';
Hopefully that helps.
I have a wierd problem. Whatever i do, the IP is the server's IP, not the client / the visitor. What to do?
if(isset($_SERVER['HTTP_X_FORWARDED_FOR']) && $_SERVER['HTTP_X_FORWARTDED_FOR'] != '') {
$ip_address = $_SERVER['HTTP_X_FORWARDED_FOR'];
} else {
$ip_address = $_SERVER['REMOTE_ADDR'];
}
return $ip_address;
}
You may need to switch to another server software (depending on what you're using now)
From the PHP docs:
$_SERVER is an array containing information such as headers, paths, and script locations. The entries in this array are created by the web server. There is no guarantee that every web server will provide any of these; servers may omit some, or provide others not listed here. That said, a large number of these variables are accounted for in the » CGI/1.1 specification, so you should be able to expect those.
REMOTE_ADDR is in the CGI/1.1 specification though so it's odd that whatever server you're using wouldn't be returning it.
If your server is on the same network as your server, behind a router with NAT, then you might see your private IP.
If you are behind a reverse proxy $_SERVER['REMOTE_ADDR']; will always be the IP of the proxy server.
Your webserver is not configured properly (once I've had this issue on buying alias domains at my webhost provider).
However if you're unable to fix this problem, I HIGLY recommend you to check if $_SERVER['HTTP_X_FORWARDED_FOR'] is valid IP address and then just assing it to $_SERVER['REMOTE_ADDR'] for simply usage, because It is easy to fake $_SERVER['HTTP_X_FORWARDED_FOR'] and to throw there your own values (I had this problem).
I'm trying to track IP addresses of visitors. When using $_SERVER["REMOTE_ADDR"], I get the server's IP address rather than the visitor's. I tried this on multiple machines at multiple locations and they all resulted in the exact same IP. Is there some PHP/server settings that could be affecting this?
When using $_SERVER["REMOTE_ADDR"], I get the server's IP address rather than the visitor's.
Then something is wrong, or odd, with your configuration.
Are you using some sort of reverse proxy? In that case, #simshaun's suggestion may work.
Do you have anything else out of the ordinary in your web server config?
Can you show the PHP code you are using?
Can you show what the address looks like. Is it a local one, or a Internet address?
$_SERVER['REMOTE_ADDR'] gives the IP address from which the request was sent to the web server. This is typically the visitor's address, but in your case, it sounds like there is some kind of proxy sitting right before the web server that intercepts the requests, hence to the web server it appears as though the requests are originating from there.
Look no more for IP addresses not being set in the expected header. Just do the following to inspect the whole server variables and figure out which one is suitable for your case:
print_r($_SERVER);
if (!empty($_SERVER['HTTP_CLIENT_IP'])) {
$IP = $_SERVER['HTTP_CLIENT_IP'];
} else if (!empty($_SERVER['HTTP_X_FORWARDED_FOR'])) {
$IP = $_SERVER['HTTP_X_FORWARDED_FOR'];
} else {
$IP = $_SERVER['REMOTE_ADDR'];
}
Replacing:
$_SERVER["REMOTE_ADDR"];
With:
$_SERVER["HTTP_X_REAL_IP"];
Worked for me.
Try this
$_SERVER['HTTP_CF_CONNECTING_IP'];
instead of
$_SERVER["REMOTE_ADDR"];
If you are using Cloudflare then this is always the Cloudflare IP address from the node which is serving you.
In this case you get the real IP address from the $_SERVER['HTTP_FORWARDED_FOR'] entry as described in the the other answers.
if your site is behind cloudflare, you can use another header provided by cloudflare itself:
$_SERVER['HTTP_CF_CONNECTING_IP']
or if you are using Laravel
$request->server('HTTP_CF_CONNECTING_IP');
read more about it here:
How to get real client IP behind Cloudflare in Laravel / PHP
#php 7.x short condition syntax.
<?php
$ip = isset($_SERVER['HTTP_CLIENT_IP']) ? $_SERVER['HTTP_CLIENT_IP'] : (isset($_SERVER['HTTP_X_FORWARDED_FOR']) ? $_SERVER['HTTP_X_FORWARDED_FOR'] : $_SERVER['REMOTE_ADDR']);
echo "The user IP Address is - ". $ip;
?>
from https://www.delftstack.com/howto/php/php-get-user-ip/
Enable remoteIP module in your Apache server
a2enmod remoteip
Restart Apache: /etc/init.d/apache2 restart