Analyze the situation of several PHP requests for client IP addresses

Source: Internet
Author: User
Analysis of several PHP client IP addresses: no proxy server is used, transparent proxy server is used, normal anonymous proxy server is used, fraudulent proxy server is used, and high anonymous proxy server is used. In this article, we will introduce in detail several cases of PHP obtaining client IP addresses. The IP address we get using PHP may be the real IP address of the client, or it may be the agent analysis of several PHP requests to obtain the client IP address.
PHP obtains the client IP address in the following ways: no proxy server is used, transparent proxy server is used, normal anonymous proxy server is used, fraudulent proxy server is used, and high anonymous proxy server is used.

In this article, we will introduce in detail several cases of PHP obtaining client IP addresses. The IP address we obtained using PHP may be the real IP address of the client, or the IP address of the proxy server, or the IP address value may not be obtained at all.

$ _ SERVER ["REMOTE_ADDR"] is often used to obtain the client IP address in PHP. However, if the client is accessed by a proxy server, the IP address of the proxy server is obtained, rather than the real IP address of the client. To obtain the real IP address of the client through the proxy SERVER, use $ _ SERVER ["HTTP_X_FORWARDED_FOR"] to read it.

But only when the client uses a "transparent proxy", the value of $ _ SERVER ["HTTP_X_FORWARDED_FOR"] is the real IP address of the client (if it is a multi-layer proxy, this value may be composed of the real IP address of the client and the IP addresses of multiple proxy servers, separated by commas ), in the case of "anonymous proxy" and "fraudulent proxy", it is the IP address of the proxy server (if it is a multi-layer proxy, this value may be composed of the IP addresses of multiple proxy servers, separated by commas (,). The value is null in the case of "high anonymous proxy.

The REMOTE_ADDR and HTTP_FORWARDED_FOR values in the HTTP header are described in detail below. assume that the real IP address of the client is 221.5.252.160:

1. PHP that does not use the proxy server to obtain the client IP address:

REMOTE_ADDR = client IP address

HTTP_X_FORWARDED_FOR = no value or no Display

II. Transparent Proxy Server: Transparent Proxies

REMOTE_ADDR = IP address of the last proxy server

HTTP_X_FORWARDED_FOR = real client IP address (when multiple proxy servers are used, this value is similar to: 221.5.252.160, 203.98.1820.3, 203.129.72.215)

This type of proxy server still sends the real IP address of the client to the access object, which cannot hide the real identity.

3. use PHP on the normal Anonymous proxy server to obtain the client IP address: Anonymous Proxies

REMOTE_ADDR = IP address of the last proxy server

HTTP_X_FORWARDED_FOR = proxy server IP address (when multiple proxy servers are used, this value is similar to: 203.98.1820.3, 203.98.1820.3, 203.129.72.215)

In this case, the real IP address of the client is hidden, but the client accesses the client by using a proxy server.

IV. destorting Proxies

REMOTE_ADDR = proxy server IP address

HTTP_X_FORWARDED_FOR = random IP address (when multiple proxy servers are used, this value is similar to: 220.4.251.159, 203.98.1820.3, 203.129.72.215)

In this case, we also revealed that the client uses a proxy server, but fabricated a false random IP address (220.4.251.159) to replace the real IP address of the client to cheat it.

5. use PHP on the highly anonymous proxy server to obtain the client IP address: High Anonymity Proxies (Elite proxies)

REMOTE_ADDR = proxy server IP address

HTTP_X_FORWARDED_FOR = no value or no Display

Whether it is REMOTE_ADDR or HTTP_FORWARDED_FOR, these header messages may not be obtained, because different network devices in different browsers may send different IP header messages. Therefore, PHP uses $ _ SERVER ["REMOTE_ADDR"] and $ _ SERVER ["HTTP_X_FORWARDED_FOR"] to obtain a null value or an "unknown" value.

Therefore, the code for getting the client IP address using PHP can be as follows:
Function getip () {$ unknown = 'unknown '; if (isset ($ _ SERVER ['http _ X_FORWARDED_FOR']) & $ _ SERVER ['http _ X_FORWARDED_FOR '] & strcasecmp ($ _ SERVER ['http _ X_FORWARDED_FOR'], $ unknown )) {$ ip = $ _ SERVER ['http _ X_FORWARDED_FOR '];} elseif (isset ($ _ SERVER ['remote _ ADDR']) & $ _ SERVER ['remote _ ADDR '] & strcasecmp ($ _ SERVER ['remote _ ADDR'], $ unknown )) {$ ip = $ _ SERVER ['remote _ ADDR '];}/* handle multi-layer proxies or use regular expressions: $ I P = preg_match ("/[\ d \.] {7, 15}/", $ ip, $ matches )? $ Matches [0]: $ unknown; */if (false! = Strpos ($ ip, ',') $ ip = reset (explode (',', $ ip); return $ ip;} function getip () {$ unknown = 'unknown '; if (isset ($ _ SERVER ['http _ X_FORWARDED_FOR']) & $ _ SERVER ['http _ X_FORWARDED_FOR '] & strcasecmp ($ _ SERVER ['http _ X_FORWARDED_FOR'], $ unknown )) {$ ip = $ _ SERVER ['http _ X_FORWARDED_FOR '];} elseif (isset ($ _ SERVER ['remote _ ADDR']) & $ _ SERVER ['remote _ ADDR '] & strcasecmp ($ _ SERVER ['remote _ ADDR'], $ u Nknown) {$ ip = $ _ SERVER ['remote _ ADDR '];}/* handle multi-layer proxies or use the regular expression method: $ ip = preg_match ("/[\ d \.] {7, 15}/", $ ip, $ matches )? $ Matches [0]: $ unknown; */if (false! = Strpos ($ ip, ',') $ ip = reset (explode (',', $ ip); return $ ip ;}



When using PHP to obtain the client IP address, you must note that the same effect can be achieved using the getenv function ('http _ X_FORWARDED_FOR ') or getenv ('remote _ ADDR. However, getenv () does not support PHP running in IIS isapi mode.

Related Article

E-Commerce Solutions

Leverage the same tools powering the Alibaba Ecosystem

Learn more >

Apsara Conference 2019

The Rise of Data Intelligence, September 25th - 27th, Hangzhou, China

Learn more >

Alibaba Cloud Free Trial

Learn and experience the power of Alibaba Cloud with a free trial worth $300-1200 USD

Learn more >

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.