PHP to obtain User Client real IP solution _php instance

Getting the client IP is not really a simple job, because there are IP spoofing, and agent issues, so get the authenticity of the client's IP will be discounted, not hundred percent accurate. But we still try to find a better way to get the client real IP. The way to get IP using PHP is to find a lot.

function GetIP () {
if (getenv ("Http_client_ip") && strcasecmp (getenv ("Http_client_ip"), "Unknown"
) $ip = getenv ("Http_client_ip");
else if (getenv ("Http_x_forwarded_for") && strcasecmp (getenv ("Http_x_forwarded_for"), "Unknown")
$ip = Getenv ("Http_x_forwarded_for");
else if (getenv ("REMOTE_ADDR") && strcasecmp (getenv ("REMOTE_ADDR"), "Unknown")
$ip = getenv ("remote_addr ");
else if (isset ($_server[' remote_addr ']) && $_server[' remote_addr '] && strcasecmp ($_server[' Remote_ ADDR '], "unknown")
$ip = $_server[' remote_addr '];
else
$ip = "Unknown";
return ($IP);

Now you need to explain this code, which uses two functions, getenv () and strcasecmp (), the previous function to obtain the system's environment variable, if you can get the value, then return the value, can not return false.

$_server is an array of server super global variables and can also obtain the IP address of the client with $_server[' REMOTE_ADDR '. The difference is that PHP, which does not support the IIS ISAPI way, is getenv.

The use of strcasecmp (STRING1,STRING2) String functions is to compare string1 and string2, if equality returns 0, if the string1 is greater than string2, the number greater than 0 is returned, and less than 0 is returned.

The function uses the client IP first, if does not establish the method which attempts to use the proxy, if not, then uses the REMOTE_ADDR.

Also saw a more detailed approach to detect IP, consider IP spoofing, and multiple proxy code. The method is similar.

function GetIP () {
$unknown = ' unknown ';
if (Isset ($_server[' http_x_forwarded_for ']) && $_server[' http_x_forwarded_for '] && strcasecmp ($_ server[' Http_x_forwarded_for '], $unknown)) {
$ip = $_server[' http_x_forwarded_for '];
elseif (Isset ($_ server[' remote_addr ') && $_server[' remote_addr '] && strcasecmp ($_server[' remote_addr '], $unknown)) {
$ip = $_server[' remote_addr '];
}
/* Handling multi-tier proxies
or using regular mode: $ip = Preg_match ("/[\d\.] {7,15}/", $ip, $matches)? $matches [0]: $unknown;
*/
if (False!== Strpos ($ip, ', '))
$ip = Reset (Explode (', ', $ip));
return $ip;
}

One, do not use proxy server PHP to obtain client IP situation:

REMOTE_ADDR = Client IP
Http_x_forwarded_for = no value or no display

Second, the use of transparent proxy server situation: transparent proxies

REMOTE_ADDR = Last Proxy server IP
http_x_forwarded_for = Client Real IP (this value is similar when passed through multiple proxy servers: 221.5.252.160, 203.98.182.163, 203.129.72.215)

This kind of proxy server still sends the client real IP to the Access object, cannot achieve the goal which hides the true identity.

Third, the use of ordinary anonymous proxy server PHP to obtain client IP situation: Anonymous proxies

REMOTE_ADDR = Last Proxy server IP
http_x_forwarded_for = Proxy Server IP (this value is similar after multiple proxy servers: 203.98.182.163, 203.98.182.163, 203.129.72.215)

In this case, the client's true IP is hidden, but it is revealed to the Access object that the client uses a proxy server to access them.

Iv. use of deceptive proxy servers: distorting proxies

REMOTE_ADDR = Proxy Server IP
Http_x_forwarded_for = Random IP (after multiple proxy servers, this value is similar: 220.4.251.159, 203.98.182.163, 203.129.72.215)

This case also revealed that the client is using a proxy server, but fabricated a false random IP (220.4.251.159) instead of the client's real IP to deceive it.

V. Use high anonymous proxy server PHP to obtain client IP situation: Gao anonymity proxies (Elite proxies)

REMOTE_ADDR = Proxy Server IP

Http_x_forwarded_for = no value or no display

Either REMOTE_ADDR or http_forwarded_for, these header messages may not be able to be achieved because different browsers may send different IP header messages to different network devices. So PHP uses $_server["REMOTE_ADDR", $_ server["Http_x_forwarded_for"] gets a value that might be a null value or a "unknown" value.

The above is a small set to introduce PHP users to obtain the real IP user Client solutions, I hope to help you, if you have any questions please give me a message, small series will promptly reply to everyone. Here also thank you very much for the cloud Habitat Community website support!