Analysis and Implementation Code for PHP to obtain the real IP address of the client, and analysis of 5 Cases

Source: Internet
Author: User

Analysis and Implementation Code for PHP to obtain the real IP address of the client, and analysis of 5 Cases

$ _ SERVER ["REMOTE_ADDR"] is often used to obtain the Client IP address in PHP.
(1) If the client is accessed by a proxy server, the IP address of the proxy server is obtained, rather than the real IP address of the client. To obtain the real IP address of the client through the proxy SERVER, use $ _ SERVER ["HTTP_X_FORWARDED_FOR"] to read it.
(2) but only when the client uses a "transparent proxy", the value of $ _ SERVER ["HTTP_X_FORWARDED_FOR"] is the real IP address of the client (if it is a multi-layer proxy, this value may be composed of the real IP address of the client and the IP addresses of multiple proxy servers, separated by commas ).
(3) In the case of "anonymous proxy" and "fraudulent proxy", it is the IP address value of the proxy server (if it is a multi-layer proxy, this value may consist of IP addresses of multiple proxy servers, separated by commas ).
(4) It is a null value in the case of "high anonymous proxy.

The REMOTE_ADDR and HTTP_FORWARDED_FOR values in the HTTP header are analyzed as follows. Assume that the real IP address of the client is 221.5.252.160:

1. PHP that does not use the proxy server to obtain the Client IP Address:
Copy codeThe Code is as follows: REMOTE_ADDR = 221.5.252.160
HTTP_VIA = no value or no display
HTTP_X_FORWARDED_FOR = no value or no display

Ii. Transparent proxy server: Transparent Proxies
Copy codeThe Code is as follows: REMOTE_ADDR = IP address of the last Proxy Server
HTTP_VIA = Proxy Server IP Address
HTTP_X_FORWARDED_FOR = real client IP address (when multiple proxy servers are used, this value is similar to: 221.5.252.160, 203.98.1820.3, 203.129.72.215)

This type of proxy server still sends the real IP address of the client to the access object, which cannot hide the real identity.

3. Use PHP on the normal Anonymous proxy server to obtain the Client IP Address: Anonymous Proxies
Copy codeThe Code is as follows:
REMOTE_ADDR = IP address of the last Proxy Server
HTTP_VIA = Proxy Server IP Address
HTTP_X_FORWARDED_FOR = Proxy Server IP address (when multiple proxy servers are used, this value is similar to: 203.98.1820.3, 203.98.1820.3, 203.129.72.215)

In this case, the real IP address of the client is hidden, but the client accesses the client by using a proxy server.

Iv. destorting Proxies
Copy codeThe Code is as follows: REMOTE_ADDR = Proxy Server IP Address
HTTP_VIA = Proxy Server IP Address
HTTP_X_FORWARDED_FOR = random IP address (when multiple proxy servers are used, this value is similar to: 220.4.251.159, 203.98.1820.3, 203.129.72.215)

In this case, we also revealed that the client uses a proxy server, but fabricated a false random IP address (220.4.251.159) to replace the real IP address of the client to cheat it.

5. Use PHP on the highly anonymous proxy server to obtain the Client IP Address: High Anonymity Proxies (Elite proxies)
Copy codeThe Code is as follows: REMOTE_ADDR = Proxy Server IP Address

HTTP_VIA = no value or no display
HTTP_X_FORWARDED_FOR = no value or no display.

Whether it is REMOTE_ADDR or HTTP_FORWARDED_FOR, these header messages may not be obtained, because different network devices in different browsers may send different IP header messages. Therefore, PHP uses $ _ SERVER ["REMOTE_ADDR"] and $ _ SERVER ["HTTP_X_FORWARDED_FOR"] to obtain a null value or an "unknown" value.

When using PHP to obtain the Client IP address, you must note that the same effect can be achieved using the getenv function ('HTTP _ X_FORWARDED_FOR ') or getenv ('remote _ ADDR. However, getenv () does not support PHP running in IIS isapi mode.

REMOTE_ADDR is the IP address when your client "shakes hands" with your server. If "anonymous proxy" is used, REMOTE_ADDR displays the IP address of the proxy server.

HTTP_CLIENT_IP is the HTTP header sent by the proxy server. If it is a "Super anonymous proxy", the return value is none. Similarly, REMOTE_ADDR will be replaced with the IP address of the proxy server.

$ _ SERVER ['remote _ ADDR ']; // IP address of the access end (which may be a user or a proxy)

$ _ SERVER ['HTTP _ CLIENT_IP ']; // proxy end (it may exist and can be forged)

$ _ SERVER ['HTTP _ X_FORWARDED_FOR ']; // the proxy of the user's IP address (which may exist or can be forged)

PHP code written based on the above situations:
Copy codeThe Code is as follows:
<? Php
Function getip (){
$ Unknown = 'unknown ';
If (isset ($ _ SERVER ['HTTP _ X_FORWARDED_FOR ']) & $ _ SERVER ['HTTP _ X_FORWARDED_FOR '] & strcasecmp ($ _ SERVER ['HTTP _ X_FORWARDED_FOR'], $ unknown )){
$ Ip = $ _ SERVER ['HTTP _ X_FORWARDED_FOR '];
}
Elseif (isset ($ _ SERVER ['remote _ ADDR ']) & $ _ SERVER ['remote _ ADDR '] & strcasecmp ($ _ SERVER ['remote _ ADDR'], $ unknown )){
$ Ip = $ _ SERVER ['remote _ ADDR '];
}
}
?>


How does PHP obtain the real IP address of the client?

If you apply this function to a webpage with limited IP Access, other users will not be able to access the webpage even if they access the proxy server in the restricted IP segment.
The following provides a function: <? Php
// Define a function getIP ()
Function getIP () {global $ ip;
If (getenv ("HTTP_CLIENT_IP "))
$ Ip = getenv ("HTTP_CLIENT_IP ");
Else if (getenv ("HTTP_X_FORWARDED_FOR "))
$ Ip = getenv ("HTTP_X_FORWARDED_FOR ");
Else if (getenv ("REMOTE_ADDR "))
$ Ip = getenv ("REMOTE_ADDR"); else $ ip = "Unknow ";
Return $ ip ;}
// Usage:
Echo getIP () ;?>
Getenv ("REMOTE_ADDR") is used to obtain the IP address of the client. However, if the client is accessed by the proxy server, the obtained IP address is the IP address of the proxy server rather than the real IP address of the client. To obtain the real IP address of the client through the proxy server, use getenv ("HTTP_X_FORWARDED_FOR") to read.
However, if the client is not accessed through the proxy server, the value obtained using getenv ("HTTP_X_FORWARDED_FOR") will be null.
Else if (getenv ("HTTP_X_FORWARDED_FOR "))
$ Ip = getenv ("HTTP_X_FORWARDED_FOR ");
Indicates that if the value obtained by getenv ("HTTP_X_FORWARDED_FOR") is not null (that is, when the client uses the proxy server), the variable $ ip is equal to getenv ("HTTP_X_FORWARDED_FOR ") the actual IP address.
If the value obtained by the preceding else if (getenv ("HTTP_X_FORWARDED_FOR") is null (that is, no proxy server is used ), the following $ ip = getenv ("HTTP_X_FORWARDED_FOR") is not executed.
In this case, it has been confirmed that the client does not use the proxy server
Else if (getenv ("REMOTE_ADDR "))

How does PHP obtain the real IP address of the client?

. X. XXX. XXX series IP address. This function obtains the IP address of the LAN gateway egress. If a visitor uses a proxy server, the visitor does not obtain the IP address of the proxy server, but the real IP address of the visitor gateway. If you apply this function to a webpage with limited IP Access, other users will not be able to access the webpage even if they access the proxy server in the restricted IP segment. The following provides a function: <? Php // defines a function getIP () {global $ ip; if (getenv ("HTTP_CLIENT_IP") $ ip = getenv ("HTTP_CLIENT_IP "); else if (getenv ("register") $ ip = getenv ("HTTP_X_FORWARDED_FOR"); else if (getenv ("REMOTE_ADDR") $ ip = getenv ("REMOTE_ADDR "); else $ ip = "Unknow"; return $ ip;} // usage: echo getIP ();?> Getenv ("REMOTE_ADDR") is used to obtain the IP address of the client. However, if the client is accessed by the proxy server, the obtained IP address is the IP address of the proxy server rather than the real IP address of the client. To obtain the real IP address of the client through the proxy server, use getenv ("HTTP_X_FORWARDED_FOR") to read. However, if the client is not accessed through the proxy server, the value obtained using getenv ("HTTP_X_FORWARDED_FOR") will be null. Else if (getenv ("HTTP_X_FORWARDED_FOR") $ ip = getenv ("HTTP_X_FORWARDED_FOR"); indicates that if getenv ("HTTP_X_FORWARDED_FOR ") if the obtained value is not null (that is, when the client uses the proxy server), the variable $ ip is equal to the real IP value obtained by getenv ("HTTP_X_FORWARDED_FOR. If the value obtained by the preceding else if (getenv ("HTTP_X_FORWARDED_FOR") is null (that is, no proxy server is used ), the following $ ip = getenv ("HTTP_X_FORWARDED_FOR") is not executed. In this case, it is confirmed that the client does not use the proxy server, so that the client's IP address can be obtained through the else if (getenv ("REMOTE_ADDR") statement.

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.