I am wondering about a certain server setup.
Lets say I have a web server running on my local network, which is accessible using an url such as www.example.com from within and also outside the network.
I would like my PHP website to be able to determine if a request comes from within the internal LAN or from the outside. I doubt that this will be possible using the IP address as the request will look as if it is coming from a public IP address, and not the internal one 192.168.x.x. Also the public IP might change from time to time.
Would this be possible, and how could i achieve this in PHP?
If your requests comes from inside the lan then the $_SERVER['REMOTE_ADDR'] will be from a private ip address group, if if comes from outside the lan it will not.
Unless you have a poorly configured internal network, but this will probably not be the case.
look here for the correct address groups
http://en.wikipedia.org/wiki/Private_network
If your internal dns server resolves example.com to the public ip then the requests will appear to come from the public ip as well, so if this is the case you also know that the request came from inside.
As long as you know what the external NAT IP range is for your office, you should be able to do this easily be accessing the $_SERVER['REMOTE_ADDR'] value.
Related
I am writing a web application using PHP. For a certain endpoint, I want to validate whether the request was sent from inside the network. We use the 10.0.0.0/8 private range internally. Let's say the server is at 10.0.0.10.
Let's say $_SERVER['REMOTE_ADDR'] = 10.2.3.5, can I safely assume the request had to have come from inside the network (or an internal VLAN as the routers will have private addresses too)? Am I right in thinking that if it came from outside the network, this IP address would have to be a public address for the response to find its way back to the external network's router?
How to change ip address such that it does not reveal our original address when using $_SERVER['REMOTE_ADDR']; in php
You need to use a proxy server if you're trying to access a website from a different IP than your own. Wikipedia has more information.
There are several options I have in mind for this. I will go from the simpler to the more complicated one.
First, you could use a proxy server and ask him through an HTTP request made by your program or your browser, to fetch a resource for you. The proxy server will take the role of querying a resource in your place to the target service.
Example :
You want to retrieve the main page of the domain stackoverflow.com. You ask the proxy server to ask stackoverflow's HTTP server to send him the main page and he will forward it back to you.
To SO webserver, the superglobal $_SERVER['REMOTE_ADDR'] variable will correspond to the proxy server's IP address and not yours. However, the HTTP protocol implements some fields such as HTTP_VIA, HTTP_X_FORWARDED_FOR, or HTTP_FORWARDED which can be used to know if the current HTTP request is made by a proxy or not.
A transparent proxy will not specify those fields and will not modify your request whereas a non-transparent proxy may reveal the original IP address of the original requester. You got to use a reliable proxy which will act as you intends it to act. Another thing to consider is the use of an SSL tunnel between you and the proxy to avoid eavesdropping.
The second solution is to use a VPN (Virtual private network) server. It would be too complicated to fully explains how this works, but remember this, when you are connected to a computer using a VPN service (like l2tpd, pptpd ...) it's like you were on the same LAN with this computer. So you can transparently make requests to a webserver and he will never find out what's your real IP address.
A third solution could be to use linked nodes based network such as TOR. It's a free network you can connect to, and you will be completely anonymous to regular people. The TOR network power is to provide a network of many nodes and each nodes doesn't know anything about other nodes, so even people connected to the TOR network cannot know anything about you. I suggest you to read more about this if you're interested.
There are more complicated other solutions such as TCP session hijacking which is generally used to fake IP addresses and literally steal another computer's TCP connection, but this is out of the scope of this answer.
i have php files on my computer and i can very well access those from IIS using eighter localhost or loop-back address . But now if i want to access the same file of php from another computer not in the LAN but in a different computer on the internet what should i do? i was thinking of IP address(static) as an option but then i was not successful in finding a way to do the same .
thanks in advance....
I don't completely understand your question. Is your problem
1) You don't have a static IP? Then:
There are services as "No-IP" where you can create redirects. At their site, you can create a free domain name (which is a static IP as well) such as yourdomain.no-ip.com. Then on your server computer you can run their tool. This tool updates the IP all the time so it will be always correct.
2) You don't know how to access the server from out of the LAN because the IP of your network is the same for all computers (if you're looking from the outside)? Then:
Check your router settings, normally at: http://192.168.1.1. There you will be able to define rules how to redirect requests from the outside. For http, you should redirect requests to port 80 to the IP of the server computer (note: you can even use an other port on the server computer)!
When I go to http://www.whatismyip.com/ I get an IP address of 203.39.136.200 but if I use php/apache I get:
HTTP_CLIENT_IP = ""
HTTP_FORWARDED_FOR = ""
REMOTE_ADDR = 10.15.60.84 //IP of my machine
We are introducing geo-sensitive content into one of our sites and have the necessary lookup Web Services ready to go but as you can imagine using the local IP of the machine (10.15.60.84) produces no results so I need to work out a way to retrieve 203.39.136.200.
Cheers
Rob
If you are accessing the server from the local network then you will get the local address, even if you access the server using an address bound to an external interface. You can get around this by adding routing rules to your default gateway to route packets to the remote side of the Internet link your company uses, but this will cause extra traffic on the link since the packets will now have to go across it to get outside and then back in again.
I'm doing a PHP cURL post, using a complete URL (http://www.mysite.com), from one page to another on the same site. (I know this isn't the best way to do it; but for my purpose this is what I need)
My question is:
Will the cURL post still go out across the internet, do a name lookup and travel a route as though it were a post coming from a different site. Or will the post stay on the servers local network?
There are multiple parts to the request, the dns lookup and the get or post to the site.
DNS Records are usually cached on most OSes, so it's rather unlikely that the server would have to do a dns lookup for it's own external ip, but it's possible.
As for the post, let's assume a basic layout:
Firewall => DMZ Apache PHP Server (www.mysite.com)
222.xxx.xxx.123 => 192.168.0.2
And mysite.com resolves to 222.xxx.xxx.123, then your request will go to your firewall's external interface and bounce back in. That's not terribly public traffic, but it goes out none-the less.
However, if you wanted to bypass that, you could put an entry in the host file of the server to say
127.0.0.1 mysite.com
(assuming you control the server, ie not shared hosting)
No. The post itself (unless you have multiple interfaces and your routing is totally screwed up) will not traverse the internet. Your local host ought to be able to resolve its own name as well, but there is a possibility that a DNS request will be made to determine the IP address corresponding to the name. I would hope that the network stack implementation on your system would prevent the post's packets from even hitting the wire (similar to localhost), but I wouldn't count on it.
It depends on your network setup. Many sites have a domain name pointing to the IP address of a front facing router or load balancer which forward the request to the web server.
If that's the case a request to your own site can make a round-trip to the router. Though it's unlikely that the request will go through the internet unless you have a very unusual setup (such as round robin DNS with multiple datacenters).
You can avoid the round-trip by associating the site FQDN to the loopback interface in your webserver /etc/hosts which will also save you a DNS request.