Analysis of several PHP client IP addresses: no proxy server is used, transparent proxy server is used, normal anonymous proxy server is used, fraudulent proxy server is used, and high anonymous proxy server is used. In this article, we will introduce in detail how PHP obtains the client and analyzes several PHP requests to obtain the client IP addresses.
PHP obtains the client IP address in the following ways: no proxy server is used, transparent proxy server is used, normal anonymous proxy server is used, fraudulent proxy server is used, and high anonymous proxy server is used.
In this article, we will introduce in detail several cases of PHP obtaining client IP addresses. The IP address we obtained using PHP may be the real IP address of the client, or the IP address of the proxy server, or the IP address value may not be obtained at all.
$ _ SERVER ["REMOTE_ADDR"] is often used to obtain the client IP address in PHP. However, if the client is accessed by a proxy server, the IP address of the proxy server is obtained, rather than the real IP address of the client. To obtain the real IP address of the client through the proxy SERVER, use $ _ SERVER ["HTTP_X_FORWARDED_FOR"] to read it.
But only when the client uses a "transparent proxy", the value of $ _ SERVER ["HTTP_X_FORWARDED_FOR"] is the real IP address of the client (if it is a multi-layer proxy, this value may be composed of the real IP address of the client and the IP addresses of multiple proxy servers, separated by commas ), in the case of "anonymous proxy" and "fraudulent proxy", it is the IP address of the proxy server (if it is a multi-layer proxy, this value may be composed of the IP addresses of multiple proxy servers, separated by commas (,). The value is null in the case of "high anonymous proxy.
The REMOTE_ADDR and HTTP_FORWARDED_FOR values in the HTTP header are described in detail below. assume that the real IP address of the client is 221.5.252.160:
1. PHP that does not use the proxy server to obtain the client IP address:
REMOTE_ADDR = client IP address
HTTP_X_FORWARDED_FOR = no value or no Display
II. Transparent Proxy Server: Transparent Proxies
REMOTE_ADDR = IP address of the last proxy server
HTTP_X_FORWARDED_FOR = real client IP address (when multiple proxy servers are used, this value is similar to: 221.5.252.160, 203.98.1820.3, 203.129.72.215)
This type of proxy server still sends the real IP address of the client to the access object, which cannot hide the real identity.
3. use PHP on the normal Anonymous proxy server to obtain the client IP address: Anonymous Proxies
REMOTE_ADDR = IP address of the last proxy server
HTTP_X_FORWARDED_FOR = proxy server IP address (when multiple proxy servers are used, this value is similar to: 203.98.1820.3, 203.98.1820.3, 203.129.72.215)
In this case, the real IP address of the client is hidden, but the client accesses the client by using a proxy server.
IV. destorting Proxies
REMOTE_ADDR = proxy server IP address
HTTP_X_FORWARDED_FOR = random IP address (when multiple proxy servers are used, this value is similar to: 220.4.251.159, 203.98.1820.3, 203.129.72.215)
In this case, we also revealed that the client uses a proxy server, but fabricated a false random IP address (220.4.251.159) to replace the real IP address of the client to cheat it.
5. use PHP on the highly anonymous proxy server to obtain the client IP address: High Anonymity Proxies (Elite proxies)
REMOTE_ADDR = proxy server IP address
HTTP_X_FORWARDED_FOR = no value or no Display
Whether it is REMOTE_ADDR or HTTP_FORWARDED_FOR, these header messages may not be obtained, because different network devices in different browsers may send different IP header messages. Therefore, PHP uses $ _ SERVER ["REMOTE_ADDR"] and $ _ SERVER ["HTTP_X_FORWARDED_FOR"] to obtain a null value or an "unknown" value.
Therefore, the code for getting the client IP address using PHP can be as follows:
Function getip () {$ unknown = 'unknown '; if (isset ($ _ SERVER ['http _ X_FORWARDED_FOR']) & $ _ SERVER ['http _ X_FORWARDED_FOR '] & strcasecmp ($ _ SERVER ['http _ X_FORWARDED_FOR'], $ unknown )) {$ ip = $ _ SERVER ['http _ X_FORWARDED_FOR '];} elseif (isset ($ _ SERVER ['remote _ ADDR']) & $ _ SERVER ['remote _ ADDR '] & strcasecmp ($ _ SERVER ['remote _ ADDR'], $ unknown )) {$ ip = $ _ SERVER ['remote _ ADDR '];}/* handle multi-layer proxies or use regular expressions: $ I P = preg_match ("/[\ d \.] {7, 15}/", $ ip, $ matches )? $ Matches [0]: $ unknown; */if (false! = Strpos ($ ip, ',') $ ip = reset (explode (',', $ ip); return $ ip;} function getip () {$ unknown = 'unknown '; if (isset ($ _ SERVER ['http _ X_FORWARDED_FOR']) & $ _ SERVER ['http _ X_FORWARDED_FOR '] & strcasecmp ($ _ SERVER ['http _ X_FORWARDED_FOR'], $ unknown )) {$ ip = $ _ SERVER ['http _ X_FORWARDED_FOR '];} elseif (isset ($ _ SERVER ['remote _ ADDR']) & $ _ SERVER ['remote _ ADDR '] & strcasecmp ($ _ SERVER ['remote _ ADDR'], $ u Nknown) {$ ip = $ _ SERVER ['remote _ ADDR '];}/* handle multi-layer proxies or use the regular expression method: $ ip = preg_match ("/[\ d \.] {7, 15}/", $ ip, $ matches )? $ Matches [0]: $ unknown; */if (false! = Strpos ($ ip, ',') $ ip = reset (explode (',', $ ip); return $ ip ;}
When using PHP to obtain the client IP address, you must note that the same effect can be achieved using the getenv function ('http _ X_FORWARDED_FOR ') or getenv ('remote _ ADDR. However, getenv () does not support PHP running in IIS isapi mode.