Client's IP address retrival

Re: Client's IP address retrival

"varungupta " wrote:
[color=blue]
> Hi Group members !
>
> I want to know about a method for detecting client's IP which is
> running behind a proxy server.
> I have tried functions available with PHP core but they are returning
> the address of proxy server not of the client's machinel.
> Is there any way to get the desired results.
>[/color]

Some proxies add an "X-Forwarded-For" header to forwarded requests. If
you're running PHP as an Apache module, then it should be possible to
retrieve this with the apache_request_ headers function.

If the proxy doesn't bother providing this information, then there isn't
much you can do.

--
phil [dot] ronan @ virgin [dot] net

Re: Client's IP address retrival

> I want to know about a method for detecting client's IP which is[color=blue]
> running behind a proxy server.
> I have tried functions available with PHP core but they are returning
> the address of proxy server not of the client's machinel.
> Is there any way to get the desired results.[/color]

This is hardly possible because of the way the proxies work! They
completely masquerade the user.

-- Evanescent Lurker --

Re: Client's IP address retrival

varungupta wrote:
[color=blue]
> I want to know about a method for detecting client's IP which is
> running behind a proxy server.[/color]

Try $_SERVER['HTTP_X_FORWARD ED_FOR']

The proxy might og might NOT add this header

Re: Client's IP address retrival

varungupta (developer.varu n@gmail.com) decided we needed to hear...[color=blue]
> Hi Group members !
>
> I want to know about a method for detecting client's IP which is
> running behind a proxy server.
> I have tried functions available with PHP core but they are returning
> the address of proxy server not of the client's machinel.
> Is there any way to get the desired results.[/color]

You can't do it with PHP. You could use Javascript and pass it as a
form variable.

Depends why you want to do this, since its easy to get around it -
JS could be turned off, or the form var could be overidden.
If say you wanted to ban users from a particular IP then I wouldn't
trust this method, but if you just want the IP for cosmetic reasons
then I'm sure you can live with the pitfalls.
--
Dave <dave@REMOVEbun dook.com>
(Remove REMOVE for email address)

Re: Client's IP address retrival

On Wed, 27 Jul 2005 14:54:47 -0700, varungupta wrote:
[color=blue]
> Hi Group members !
>
> I want to know about a method for detecting client's IP which is running
> behind a proxy server.
> I have tried functions available with PHP core but they are returning the
> address of proxy server not of the client's machinel. Is there any way to
> get the desired results.[/color]

Write an email to the admin of the proxy asking politely for his logs of
the times in question

--
Hardware, n.: The parts of a computer system that can be kicked

The best way to get the right answer on usenet is to post the wrong one.

Re: Client's IP address retrival

Dave wrote:[color=blue]
> varungupta (developer.varu n@gmail.com) decided we needed to hear...
>[color=green]
>>Hi Group members !
>>
>>I want to know about a method for detecting client's IP which is
>>running behind a proxy server.
>>I have tried functions available with PHP core but they are returning
>>the address of proxy server not of the client's machinel.
>>Is there any way to get the desired results.[/color]
>
>
> You can't do it with PHP. You could use Javascript and pass it as a
> form variable.
>
> Depends why you want to do this, since its easy to get around it -
> JS could be turned off, or the form var could be overidden.
> If say you wanted to ban users from a particular IP then I wouldn't
> trust this method, but if you just want the IP for cosmetic reasons
> then I'm sure you can live with the pitfalls.[/color]

could you can do it with php....
this may not work with annonymous proxies...
but most ISP's should forward this header.

if(isset($_SERV ER['HTTP_X_FORWARD ED_FOR']))
{
$userip = $_SERVER['HTTP_X_FORWARD ED_FOR'];
}
else
{
$userip = $_SERVER['REMOTE_ADDR'];
}

*Rob

Re: Client's IP address retrival

>> If say you wanted to ban users from a particular IP then I wouldn't[color=blue][color=green]
>> trust this method, but if you just want the IP for cosmetic reasons
>> then I'm sure you can live with the pitfalls.[/color]
>
>could you can do it with php....
>this may not work with annonymous proxies...[/color]

It also won't work with non-proxies operated by users annoying
enough that you want to ban them (if the reason for getting the IP
is to ban someone). It's easy enough for someone to add a fake
header, especially if they are using telnet (or CURL) as a browser.
Or, they can set up their own proxy on their own machine, rigged
to send a fake HTTP_X_FORWARDE D_FOR header.

If you are trying to track abuse, you should at least log *BOTH* of
these variables. If the user is abusive, HTTP_X_FORWARDE D_FOR
can be a complete fake. REMOTE_ADDR at least gives you an idea
of which ISP to complain to if the problem gets serious enough.
[color=blue]
>but most ISP's should forward this header.
>
>if(isset($_SER VER['HTTP_X_FORWARD ED_FOR']))
>{
> $userip = $_SERVER['HTTP_X_FORWARD ED_FOR'];
>}
>else
>{
> $userip = $_SERVER['REMOTE_ADDR'];
>}[/color]

Gordon L. Burditt