I am mediating requests from client A to server B. Client A may be a phone or a laptop computer. Server B wants to know client A's IP address, but they are looking for it in $_SERVER['REMOTE_ADDR']. Because I am hitting server B, they are getting the "wrong" value for $_SERVER['REMOTE_ADDR'] -- they're getting my servers' IP addresses. What can I do on my side so that server B will see the client's IP address when they access $_SERVER['REMOTE_ADDR'] at their endpoint?
This is happening at a layer that cannot be overridden by your PHP script. The X-Forwarded-For header exists to relay the true client IP, but the remote server must support this easily-spoofed value.
$header = "X-Forwarded-For: {$_SERVER['REMOTE_ADDR']}, {$_SERVER['SERVER_ADDR']}";
curl_setopt($curl_handle, CURLOPT_HTTPHEADER, array($header));
EDIT: Prior answer is perfect. This only applies where your own dev-ip is interfering with client stats.
In the absence of more info, at the most basic level, you should remove your own 'developer IP' so that you're not included in any stats/data/logs...
Your IP may be different to the server in question:
<?php
$dev_ip = '217.12.14.14' // your dev IP address
if ($_SERVER['REMOTE_ADDR'] == $dev_ip){
// do nothing
} else {
// do|show|log something
}
This doesn't account for dynamic IP address allocation (rather than a static IP). Dynamic IP's are often allocated by ISPs which is something that causes further issues.
Related
I have a remote login script that user hosts (runs) on his server. During registration, user needs to specify a domain he will login from. When user runs script on his domain and logins to my server for the 1st time, I log his IP using:
$ip_address = $_SERVER['REMOTE_ADDR'];
When user logins 2nd time, I check if his IP address is still the same (using the same function above). Then I check if he still uses the same domain using:
$domain = $_SERVER['HTTP_REFERER'];
Finally, besides other security checks, I also check if specified domain really points to IP address using:
$domain_ips_array = gethostbynamel($domain);
if (in_array($ip_address, $domain_ips_array)) {
echo "Wonderful, domain really points to this IP";
}
But there's a problem when domain points to a dedicated IP. For example, if server's IP (where script is actually hosted) is 1.1.1.1 (this IP is also returned by $_SERVER['REMOTE_ADDR']), but domain is configured to use a dedicated IP 1.1.1.2, gethostbynamel function will only return 1.1.1.2, and check will fail (even if domain is actually hosted on server with IP address 1.1.1.1).
How do I solve this issue? Put simply, I need to be sure that user always runs the script on the same IP/domain, and if any of these is changed, alert is displayed.
I think you have a better luck with refactoring a little bit of the script you send to the user.
For example when a first login comes along, you can see the IP from the requested server.
Do your magic and return the IP to your script. Then store it somewhere and always send it after that.
This way you will always have the first IP. And then check with the $_SERVER variable. Domains can be changed and I think it's not that reliable.
Said it more simple, you need to have it stored somewhere.
-EDIT
You can use the function gethostbyaddr.
This will return you the domain of the IP. So you can store the domain from the first request as well and then check it with every other.
I have a wierd problem. Whatever i do, the IP is the server's IP, not the client / the visitor. What to do?
if(isset($_SERVER['HTTP_X_FORWARDED_FOR']) && $_SERVER['HTTP_X_FORWARTDED_FOR'] != '') {
$ip_address = $_SERVER['HTTP_X_FORWARDED_FOR'];
} else {
$ip_address = $_SERVER['REMOTE_ADDR'];
}
return $ip_address;
}
You may need to switch to another server software (depending on what you're using now)
From the PHP docs:
$_SERVER is an array containing information such as headers, paths, and script locations. The entries in this array are created by the web server. There is no guarantee that every web server will provide any of these; servers may omit some, or provide others not listed here. That said, a large number of these variables are accounted for in the ยป CGI/1.1 specification, so you should be able to expect those.
REMOTE_ADDR is in the CGI/1.1 specification though so it's odd that whatever server you're using wouldn't be returning it.
If your server is on the same network as your server, behind a router with NAT, then you might see your private IP.
If you are behind a reverse proxy $_SERVER['REMOTE_ADDR']; will always be the IP of the proxy server.
Your webserver is not configured properly (once I've had this issue on buying alias domains at my webhost provider).
However if you're unable to fix this problem, I HIGLY recommend you to check if $_SERVER['HTTP_X_FORWARDED_FOR'] is valid IP address and then just assing it to $_SERVER['REMOTE_ADDR'] for simply usage, because It is easy to fake $_SERVER['HTTP_X_FORWARDED_FOR'] and to throw there your own values (I had this problem).
echo $_SERVER['SERVER_ADDR'] always yields 192.168.1.142, which is the IP address of my server within my home network. I can access the website using my external IP since I've set up the port forward on my router, but $_SERVER['SERVER_ADDR'] will only return the internal IP, no matter what I try.
How can I make $_SERVER['SERVER_ADDR'] return my external IP?
You can use file_get_contents function for this. You just need to find a host which can return your ip address
$externalContent = file_get_contents('http://checkip.dyndns.com/');
preg_match('/Current IP Address: ([\[\]:.[0-9a-fA-F]+)</', $externalContent, $myIp);
echo $myexternalIp = $myIp[1];
Add a second IP to your server (ifconfig eth0:1 192.168.1.143) and use that in your router's port forwarding rules. That way, external accesses will be coming in through that address instead and you can tell the difference between the two.
I am getting the client's (website user's) IP address. Now I'd like to go one step further by knowing the user's computer name. So far, my research has not turned up anything to aid me in retrieving this information.
Is it possible to use the user's IP address, or some other means, to get my visitor's computer name using PHP?
PHP 5.4+
gethostbyaddr($_SERVER['REMOTE_ADDR'])
You can perform a reverse DNS lookup using gethostbyaddr().
Note that this will give you the name of the host the request came from according to reverse DNS.
It will not give you a result if reverse DNS isn't set up
It will not give you the Windows name of the computer
It will give you the name of the router if NAT is involved or proxy if a proxy is involved.
Not possible with plain php running on the server. It'd be a security/privacy issue to know details of the client such as computer name, mac address, contents of his drive.
You need some sort of application running on the client's machine in order to get this.
If you're referring to the hostname (displayed for instance by the hostname command on linux) of the computer doing the request:
That information is not included in an HTTP request. (That is, it's impossible for PHP to figure out.)
You could do a reverse DNS lookup, but that's probably not what you want anyway.
This is all that you could get using just PHP (you may try these butIi dont think this is what you actually needed):
gethostname()
gethostbyname(gethostname())
$_SERVER['HTTP_HOST']
$_SERVER['SERVER_SIGNATURE']
$_SERVER['SERVER_NAME']
$_SERVER['SERVER_ADDR']
$_SERVER['SERVER_PORT']
$_SERVER['REMOTE_ADDR']
gethostbyaddr($_SERVER['REMOTE_ADDR'])
php_uname()
The only thing you could do is try to get a DNS name for the client. "Computer Name" is a Windows made-up thing. Just call the built-in function gethostbyaddr() with the client's IP address. However, it won't always (hardly ever) work.
You can do this by
$_SERVER['REMOTE_HOST']
'REMOTE_HOST' - The Host name from which the user is viewing the current page. The reverse dns lookup is based off the REMOTE_ADDR of the user.
Note: Your web server must be configured to create this variable. For example in Apache you'll need HostnameLookups On inside httpd.conf for it to exist. As David mentioned you can also use . gethostbyaddr()
Pls go thru all the comments in the
url before actually using the
function.
Do something lik this:
<?php
//get host by name
echo gethostname();
echo "<br>";
//get OS
echo php_uname();
?>
Ok simple enough
<?PHP
echo $_SERVER[REMOTE_ADDR];
?>
Ok maybe not, I my IP is currently 72.184.212.85 however the code above which I am using on an IP blocking system for a script shows my IP as my home server IP of 127.0.0.1
So when I go to my script my IP is shown as 127.0.0.1 but when I go to other websites it is shown as 72.184.212.85
How can I get the first value to show on my test server?
$_SERVER['REMOTE_ADDR'] will always show the IP address from which the request came. If you access your own script on your own computer within your own network, your external IP address never comes into play. The request would have to leave your local network and then come back in for the external address to show up, but if it's all local, that'll never happen.
You'll have to make your server publicly accessible and then access it from the public address. I'm guessing you're currently using localhost to access your server?
run your server say port 8080 and then forward the port in your router so it's public to the internet. Then visit your webpage/phpscript from http://72.184.212.85:8080 instead of http://localhost:8080.
Here is a ridiculous solution that I wouldn't recommend:
Register your home IP with a domain name, then see where the request came from via URL:
$url = $_SERVER["SERVER_NAME"];
or
$url = $_SERVER["HTTP_HOST"];
and then do a dns lookup of that result, which should return the IP it's registered to, ie your external IP.
$ext_ip = gethostbyaddr($url);
The only reason this wouldn't work (so sorry if I'm wrong), is if SERVER_NAME uses the same method as "REMOTE_HOST", which is a reverse DNS lookup, which won't resolve, as your internal IP won't be registered to that domain name. An easy way to check is to do either:
phpinfo();
and see what the environmental variables are.