Menu
Possible Duplicate:
suddenly $_SERVER['REMOTE_ADDR'] is started returning 10.10.10.10 php
I must have missed some fundamental thing here.. But when I navigate to an IP-displaying site such as http://www.whatsmyip.org/ they show a certain IP. But when I echo out $_SERVER["REMOTE_ADDR"] on a page on my site it shows a different IP.
Why is that? And how can I, through PHP, fetch the same IP that the whatsmyip.org site shows?
722
Any $_SERVER variable can be spoofed - e.g. curl_setopt( $ch, CURLOPT_HTTPHEADER, array("REMOTE_ADDR: $ip", "HTTP_X_FORWARDED_FOR: $ip")); So it depends entirely on the context: if the attacker is expecting a response, it will go back to $ip. If they don't care about the response, they can certainly spoof the header.
$_SERVER['REMOTE_ADDR'] Returns the IP address from where the user is viewing the current page.
If your computer is on the same network with your server, behind a router with NAT, then you might see your private IP
126
Firstly let me clarify a few things up.
When your on localhost your not using your ISP To fetch a webpage, thus you would use an internal ip of 127.0.0.1 or ::1 for ipv6.
If your fetching the page from over a local network via a router of some kind, you will have an ip assigned by the router such as 192.168.1.90
if your site is hosted outside the network then you ask your ISP to fetch the site for you, meaning you get use the IP specified by whatsmyip.
if your using a DNS Server such as Opendns then your asking your ISP to ask Opendns to fetch the site for you, and open dns uses a set of ip's that are different to yours for obvious reasons.
there may be some sort of proxy that may be interfering, so what you should do is counter for that, a standard proxy site should forward the clients IP on to the server incase of any direct connections required and for several other reasons.
This being said you can usually find the IP by checking several other params before you check REMOTE_ADDR, here is a class I have created for one of my projects but you can just take what you need:
https://github.com/AdminSpot/ASDDL/blob/master/system/classes/http/request.php
foreach (array('HTTP_CLIENT_IP', 'HTTP_X_FORWARDED_FOR', 'HTTP_X_FORWARDED', 'HTTP_X_CLUSTER_CLIENT_IP', 'HTTP_FORWARDED_FOR', 'HTTP_FORWARDED', 'REMOTE_ADDR') as $key)
{
if (array_key_exists($key, $_SERVER) === true)
{
foreach (explode(',', $_SERVER[$key]) as $ip)
{
if (filter_var($ip, FILTER_VALIDATE_IP) !== false)
{
$this->ip = $ip;
break;
}
}
}
}
As you can see the order of the array is very important:
notice the REMOTE_ADDR comes last, this is because this is the last resort and most of the time is incorrect.
30
When your web server is on your local machine it will give you your local IP address mostly 127.0.0.1, that is because you are not accessing it from outside. That is reason.
21
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
