How To Track the Real IP Address Behind the Proxy - php

How can we track the Real IP address behind the proxy using PHP?I mean a pure PHP implementation.Because they can turn off the js of their browsers.BTW when the JS is turn on I may use HTML 5 geolocation so I don't need the IP address to locate the user.

You can look at the X-Forwarded-For HTTP header if one is sent, but there is no guaranteed way to know.

This PHP code will work, and is useful for forward and reverse proxies. For reverse proxies, note that the X_FORWARDED_FOR header information, if available at all, can be forged and should not be trusted at all.
if($_SERVER["HTTP_X_FORWARDED_FOR"] != ""){
$IP = $_SERVER["HTTP_X_FORWARDED_FOR"];
$proxy = $_SERVER["REMOTE_ADDR"];
$host = #gethostbyaddr($_SERVER["HTTP_X_FORWARDED_FOR"]);
}else{
$IP = $_SERVER["REMOTE_ADDR"];
$proxy = "No proxy detected";
$host = #gethostbyaddr($_SERVER["REMOTE_ADDR"]);
}

The user who is behind a proxy does not have a globally routable IP address. If you want to maintain session state, you're better off having a session key you generate, and setting it as a cookie, or keeping it in the URL (there are tradeoffs with that approach).
If you really want to find out what their IP address is on their own network, you could probably use javascript in the page to find it out, and then send it back to your server.

Related

PHP External IP

I am using software called gns3 to build networks.
I have the need to find out devices external ip from within an gns3 internal network. This would be like a pc behind a router doing NAT.
Please could someone tell me if there is a way that you can echo out the clients external ip in php so I can add a web server to one of my virtual networks within gns3 so I can visit it on some devices and find their external ip’s for testing?
Thanks in advance
You need to make a request to an external website that could tell you the ip address you have. You may use checkip.dyndns.org - click the link to see your own ip addres.
if you want to do that from php here is an example code:
<?php
//get website content as a string
$ipCheckUrl = 'http://checkip.dyndns.org';
$subject = file_get_contents($ipCheckUrl);
//extract from string just ip address
$pattern = '/Current IP Address\:\s*(\d+\.\d+\.\d+\.\d+)/U';
$ip = preg_match($pattern,$subject,$result) ? $result[1] : 'Error';
//print ip address.
echo $ip;

How to use $_SERVER["REMOTE_ADDR"] in PHP websocket server

I have am using websocket and trying to merge with my custom PHP app and Mysql database. In Database I store IP, ClientID and username when user connects to server. These infromation are to be used when user disconnect from websocket server or sends message. I run server.php with php server.php
The server page is https://github.com/Flynsarmy/PHPWebSocket-Chat/blob/master/server.php
As mentioned above I stored necessary information in Mysql database to identify which users sends message, disconnect and connect.
So for that I need to identify my own mechine IP for further identification with various clients. So when I try to use
<?php
echo $_SERVER["REMOTE_ADDR"];
in server.php. It gives an error saying undefined.
You don't.
WebSockets does not deal with web requests. The $_SERVER superglobal does not get populated because it does not make sense to populate it.
Deal with the socket connections directly.
You most likely want to play around with socket_getsockname().
Please try this,
var_dump($_SERVER);
and check if it prints... [REMOTE_ADDR] => .......
But if you are after clients IP,
as a PHP developer I use following code
$ip=NULL;
if (!empty($_SERVER['HTTP_CLIENT_IP']))
$ip = $_SERVER['HTTP_CLIENT_IP'];
elseif (!empty($_SERVER['HTTP_X_FORWARDED_FOR']))
$ip = $_SERVER['HTTP_X_FORWARDED_FOR'];
else
$ip = $_SERVER['REMOTE_ADDR'];

Get user ip address for geolock (not 192.168 address)

Im geo locking our program, we have a service that returns the country code for us. But if someone is behind a router, they have a local 192.168.x.x address, and this tells me nothing. Is there a way to find out their address at the router? I could do a trace, but then i need to program logic myself about which ip is useful and which are not. I'm doing this code fromt he server in php, and our client web app is in javascript. Please advise.
Thanks
function get_real_ip() {
if (!empty($_SERVER['HTTP_X_FORWARED_FOR']))
{
$client_ip = $_SERVER['HTTP_X_FORWARED_FOR'];
}
elseif (!empty($_SERVER['HTTP_CLIENT_IP']))
{
$client_ip = $_SERVER['HTTP_CLIENT_IP'];
}
else
{
$client_ip = $_SERVER['REMOTE_ADDR'];
}
return $client_ip;
}
For server based software the PHP variable $_SERVER['REMOTE_ADDR'] will give the address of the client. For clients behind a router their address will be translated by the router firmware, so the server will see the router's public IP address, not the client's local private address.
All this is further confused by the possible presence of intervening proxy servers which may or may not tell you what their client address is. You can look at $_SERVER['HTTP_X_FORWRDED_FOR'] or $_SERVER['HTTP_CLIENT_IP'], if they're present. If not, you'll have to make do with the proxy address.

I am getting same IP for every system - How to get IP Address via PHP coding

Hello i am using this function to get IP Address of different systems..but everytime it returns the same value: 117.239.82.182
function getRealIpAddr()
{
if (!empty($_SERVER['HTTP_CLIENT_IP'])) //check ip from share internet
{
$ip=$_SERVER['HTTP_CLIENT_IP'];
}
elseif (!empty($_SERVER['HTTP_X_FORWARDED_FOR'])) //to check ip is pass from proxy
{
$ip=$_SERVER['HTTP_X_FORWARDED_FOR'];
}
else
{
$ip=$_SERVER['REMOTE_ADDR'];
}
return $ip;
}
EDIT: (The answer changed radically after some clarifications in the comments)
You could edit the User-Agent setting of the user's browsers. To see how to change the setting in various browsers follow this link. Then you should modify your PHP script to read User-Agent of the browser.
In PHP,$_SERVER['HTTP_USER_AGENT'] returns the browser's User-Agent setting. Eg. you can define as User-Agent something like Company/System/1.02 Bla bla bla. Then when you receive that same string you can assume it is coming from a known host.
Attention that the User-Agent can be easily spoofed. So this method is not secure. The secure solution would be to implement a VPN solution.
117.239.82.182 is an external IP address. If all the systems that connect to the PHP server are behind the same external IP address, all of them will be notet as the same IP address.
Your script doesn't take the local IP. Don't think it's even possible. The IP you are seeing, is the IP of the firewall of your company.

PHP code used in website returns network IP of user and not public IP

I have PHP code that is supposed to detect a user's IP address. The code below returns an IP address, but the IP address is sometimes a local network IP (e.g. 10.0.0.1) and not a public IP. How can I ensure that I always get the public IP? Thanks. BTW, this code is from another StackOverflow post. Also, this code is used in a website that is being accessed over the internet from a completely separate network than that of my Apache web server.
if (isset($_SERVER["HTTP_CLIENT_IP"])){
$ip = $_SERVER["HTTP_CLIENT_IP"];
} elseif (isset($_SERVER["HTTP_X_FORWARDED_FOR"])){
$ip = $_SERVER["HTTP_X_FORWARDED_FOR"];
} elseif (isset($_SERVER["HTTP_X_FORWARDED"])){
$ip = $_SERVER["HTTP_X_FORWARDED"];
} elseif (isset($_SERVER["HTTP_FORWARDED_FOR"])){
$ip = $_SERVER["HTTP_FORWARDED_FOR"];
} elseif (isset($_SERVER["HTTP_FORWARDED"])){
$ip = $_SERVER["HTTP_FORWARDED"];
} else {
$ip = $_SERVER["REMOTE_ADDR"];
}
Eliminate all the if(){} else{} code, and just request the REMOTE_ADDR:
$ip = $_SERVER["REMOTE_ADDR"];
It's the only reliable source of a user's remote IP address as all the other _SERVER keys can be masked by the client.
If the IP address is still local (and youre SURE that you're dealing with clients not in the networks or on a local VPN) the you may be dealing with either a server caching system (Squid Proxy eg). Have a look at http://www.nineteenlabs.com/2007/08/24/high-anonymous-proxy-squid-25/

Categories