
View Full Version : Client's real IP



T.K.
03-09-2009, 05:24 PM
Hi, from a certain conversation I was left wondering whether it's possible to get a user's real IP address, e.g. behind a proxy. Googling around, I found this snippet of code, whose creator said it will give the real IP address:



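<?php
// Return the address named in proxy headers if present, else the socket address.
function getip () {
    if ($_SERVER) {
        // Read from the $_SERVER superglobal; !empty() avoids undefined-index notices.
        if (!empty($_SERVER["HTTP_X_FORWARDED_FOR"])) {$rip = $_SERVER["HTTP_X_FORWARDED_FOR"];}
        elseif (!empty($_SERVER["HTTP_CLIENT_IP"])) {$rip = $_SERVER["HTTP_CLIENT_IP"];}
        else {$rip = $_SERVER["REMOTE_ADDR"];}
    } else {
        // Same lookup order, read from environment variables instead.
        if (getenv("HTTP_X_FORWARDED_FOR")) {$rip = getenv("HTTP_X_FORWARDED_FOR");}
        elseif (getenv("HTTP_CLIENT_IP")) {$rip = getenv("HTTP_CLIENT_IP");}
        else {$rip = getenv("REMOTE_ADDR");}
    }
    return $rip;
}
?>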


I don't understand that much PHP yet, so I need expert advice on whether there's any sense in this code. Many thanks.

oesxyl
03-09-2009, 05:45 PM
Not quite sure, but:
- I don't know a case when $_SERVER is false; maybe the author wanted to check something else with that if.
- Some headers are redundant, and all of them, except REMOTE_ADDR, which comes from your server, can be replaced with values other than the real ones.
Wait for other opinions before you make a decision; as I said, I'm not sure about what I said.

best regards

abduraooft
03-09-2009, 05:47 PM
Have you tested it at your end, by viewing your page via some proxy sites?

Fumigator
03-09-2009, 05:51 PM
Everything in the $_SERVER super global array can be faked, i.e. changed and altered, by a browser add-on. If I know how to code up a Firefox add-on, then I can make the $_SERVER array look like whatever I want it to look like.

Therefore, this script is only as good as the level of the user's ignorance.

In fact it took me about 3 minutes to find a Firefox add-on that spoofs this information for me (called X-Forwarded-For Spoofer 1.0.2).

https://addons.mozilla.org/en-US/firefox/addon/5948

(edit) in the 3 minutes it took me to find that add-on, oesxyl and abduraooft posted in front of me :D
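
One way to act on the point made in the replies above, as an added example that is not part of the thread: honour X-Forwarded-For only when the connection itself (REMOTE_ADDR) comes from a reverse proxy you operate. The function name client_ip, the TRUSTED_PROXIES list and all sample addresses are assumptions made for illustration.

```php
<?php
// Added example. TRUSTED_PROXIES holds constructed addresses (assumption):
// list only the reverse proxies you run yourself.
const TRUSTED_PROXIES = ['10.0.0.5', '10.0.0.6'];

/**
 * Resolve the client address from a $_SERVER-style array.
 * REMOTE_ADDR is the TCP peer; it is the only value not copied from request headers.
 */
function client_ip(array $server, array $trusted = TRUSTED_PROXIES): string
{
    $peer = $server['REMOTE_ADDR'] ?? '';
    // Peer is not one of our proxies: every header came from the client, so ignore them.
    if (!in_array($peer, $trusted, true) || empty($server['HTTP_X_FORWARDED_FOR'])) {
        return $peer;
    }
    // Each proxy appends the address it saw, so the right-most entries were
    // written by our own infrastructure. Walk the chain from right to left.
    $hops = array_reverse(array_map('trim', explode(',', $server['HTTP_X_FORWARDED_FOR'])));
    foreach ($hops as $hop) {
        if (filter_var($hop, FILTER_VALIDATE_IP) === false) {
            return $peer;   // malformed entry: fall back to the peer address
        }
        if (!in_array($hop, $trusted, true)) {
            return $hop;    // first hop that is not one of our proxies
        }
    }
    return $peer;           // chain contained only our own proxies
}

// Constructed requests (documentation address ranges).
$cases = [
    // Direct connection carrying a forged header.
    'direct'  => ['REMOTE_ADDR' => '203.0.113.7', 'HTTP_X_FORWARDED_FOR' => '198.51.100.1'],
    // Via our proxy; the client prepended a forged entry to the chain.
    'proxied' => ['REMOTE_ADDR' => '10.0.0.5', 'HTTP_X_FORWARDED_FOR' => '198.51.100.1, 203.0.113.7'],
    // Via our proxy; the header contains a value that is not an IP address.
    'garbage' => ['REMOTE_ADDR' => '10.0.0.5', 'HTTP_X_FORWARDED_FOR' => '<script>, 10.0.0.6'],
];
foreach ($cases as $name => $server) {
    echo $name, ': ', client_ip($server), PHP_EOL;
}
```

The proxy list is compared as plain strings, so each address must be written exactly as PHP reports it in REMOTE_ADDR.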

oesxyl
03-09-2009, 06:05 PM
Maybe this will not help you, but in my opinion the internet of today has become a paranoid place. More and more people ask how to find an IP and, on the other hand, how to hide their real IP :)
More constructive, in my opinion, is to use an "ask why" method to find out why you really need that in fact.
For example:
- why do I need real ip?
- because of X
- why do I need X?
- ....
and so on. In the end you will find that there are other methods better than that to do what you really want.
I hope this helps you; if not, I apologise for the off-topic reply.

best regards


