IPA behind proxy

Re: IPA behind proxy

Mhaxx <mhaxx@despamme d.com> writes:[color=blue]
> Is there a way to retrieve IP address behind a proxy?[/color]

Sometimes.

$_SERVER['X_FORWARDED_FO R'] works on some of them, not on others.

--
Chris

Re: IPA behind proxy

On Fri, 05 Sep 2003 10:10:25 +0200, Mhaxx <mhaxx@despamme d.com> wrote:
[color=blue]
>Is there a way to retrieve IP address behind a proxy?[/color]

this is what I use (doesn't always work:

if ($_SERVER['HTTP_X_FORWARD ED_FOR']) {
$ipaddress = $_SERVER['HTTP_X_FORWARD ED_FOR']." (through proxy
".$_SERVER['REMOTE_ADDR'].")";
}
else {
$ipaddress = $_SERVER['REMOTE_ADDR'];
}
?>

Re: IPA behind proxy

>this is what I use (doesn't always work:

There isn't $_SERVER['HTTP_X_FORWARD ED_FOR'] in my proxy headers! :-((

Are there other ways?

Mhaxx

Re: IPA behind proxy




[color=blue]
> Are there other ways?[/color]

Try this, which I picked up from someone else:


# Function to obtain the IP address behind cache
function getRealIp () {

# Obtain the server addresses
#!# These potentially require an isSet
$HCIP = $_SERVER['HTTP_CLIENT_IP '];
$HXF = $_SERVER['HTTP_X_FORWARD ED'];
$HXFF = $_SERVER['HTTP_X_FORWARD ED_FOR'];
$RMAD = $_SERVER['REMOTE_ADDR'];

# Logic to ascertain which to use
$ipAddress = ($HCIP != '') ? $HCIP :
($HXF != '') ? $HXF :
($HXFF != '') ? $HXFF :
($RMAD != '') ? $RMAD : '';

# Return the result
return $ipAddress;
}



Martin

Re: IPA behind proxy

>Try this, which I picked up from someone else:

Nothing, I always get the IP address of my proxy!

I think that if my proxy doesn't add IPA visitors header into its
headers, I can't obtain IPA visitors.. is it right?

Mhaxx

Re: IPA behind proxy

Mhaxx <mhaxx@despamme d.com> writes:[color=blue][color=green]
> >Try this, which I picked up from someone else:[/color]
>
> I think that if my proxy doesn't add IPA visitors header into its
> headers, I can't obtain IPA visitors.. is it right?[/color]

Make a PHP page solely containing <?php phpinfo(); ?> View it through
the proxy. Do a search on the page for your real IP. If you can't
find it, the proxy doesn't send it, and no, you can't obtain it. If
you can find it, you should have a big hint as to what the variable
it's in is called.

--
Chris

Re: IPA behind proxy

>the proxy. Do a search on the page for your real IP. If you can't[color=blue]
>find it, the proxy doesn't send it, and no, you can't obtain it.[/color]

I can't see the "real" IPA in phpinfo().

I have no other ways, right? :-°°(

Mhaxx

Re: IPA behind proxy

Mhaxx <mhaxx@despamme d.com> writes:[color=blue][color=green]
> >the proxy. Do a search on the page for your real IP. If you can't
> >find it, the proxy doesn't send it, and no, you can't obtain it.[/color]
>
> I can't see the "real" IPA in phpinfo().
>
> I have no other ways, right? :-°°([/color]

Well, you could ask the user to type their IP into a box on the page.
It might be possible to use Javascript to grab it client-side and put
it into a hidden field, but that's going to be unreliable at best, and
might _really_ annoy some people (if someone's going out of their way
to keep their IP hidden, trying to find it is going to make them
leave, fast).

Looks like you'll just have to give up on this one.

What do you need the IP for, anyway?

--
Chris

Re: IPA behind proxy

>Well, you could ask the user to type their IP into a box on the page.

No no..
[color=blue]
>What do you need the IP for, anyway?[/color]

To trace accesses to my web site, and (maybe) to trace visitors IPA
when they buy something in my merchant site.. I know what you think:
it's not a good idea, because you can change your IPA if you want, so
it's not a secure way..

Mhaxx

Re: IPA behind proxy



[color=blue][color=green]
> >What do you need the IP for, anyway?[/color]
>
> To trace accesses to my web site, and (maybe) to trace visitors IPA when
> they buy something in my merchant site.. I know what you think: it's not
> a good idea, because you can change your IPA if you want, so it's not a
> secure way..[/color]

This will fail. Use sessions instead, which are intended exactly for this
sort of application, and which fairly are simple to set up.






Martin

Re: IPA behind proxy

>This will fail. Use sessions instead, which are intended exactly for this[color=blue]
>sort of application, and which fairly are simple to set up.
>
>www.php.net/session[/color]

I *use* PHP session!
But I need to retrieve IPA..

Mhaxx

Re: IPA behind proxy




[color=blue]
> I *use* PHP session!
> But I need to retrieve IPA..[/color]

Did you try the function I posted at Fri, 5 Sep 2003 14:01:59 +0100,
reproduced below. I contend that you won't get any further than that in
getting a visitor's IP address.

If that doesn't work, then I'm still not clear what you're wanting to
achieve exactly.

I had thought you wanted some derivative of the client's IP address,
though perhaps IPA is referring to something I'm not familiar with, as
it's not an acronymn I've come across.

[color=blue]
> To trace accesses to my web site[/color]

http://www.analog.cx/docs/webworks.html is a good guide to what is and
isn't possible, incidentally.


Martin




# Function to obtain the IP address behind cache
function getRealIp () {

# Obtain the server addresses
#!# These potentially require an isSet
$HCIP = $_SERVER['HTTP_CLIENT_IP '];
$HXF = $_SERVER['HTTP_X_FORWARD ED'];
$HXFF = $_SERVER['HTTP_X_FORWARD ED_FOR'];
$RMAD = $_SERVER['REMOTE_ADDR'];

# Logic to ascertain which to use
$ipAddress = ($HCIP != '') ? $HCIP :
($HXF != '') ? $HXF :
($HXFF != '') ? $HXFF :
($RMAD != '') ? $RMAD : '';

# Return the result
return $ipAddress;
}

Re: IPA behind proxy

>Did you try the function I posted at Fri, 5 Sep 2003 14:01:59 +0100,

Yes, but with no success.
[color=blue]
>If that doesn't work, then I'm still not clear what you're wanting to
>achieve exactly.[/color]

I only want to get client's IP address!
...but I can't because my web server is behind a proxy, so if I try to
retrieve client's IP address I get proxy's IP address!
[color=blue]
>I had thought you wanted some derivative of the client's IP address,[/color]

No, exactly the IP address.
[color=blue]
>though perhaps IPA is referring to something I'm not familiar with, as
>it's not an acronymn I've come across.[/color]

IPA = IP address ;-)
[color=blue]
>http://www.analog.cx/docs/webworks.html is a good guide to what is and[/color]

I'm connecting to it to see..

Thanx, bye.

Mhaxx