How PHP obtains the client's real IP address

$_server["REMOTE_ADDR" is often used in PHP get client IP. However, if the client is accessed using a proxy server, then the IP address of the proxy server is taken, not the real client IP address. To get the real IP address of the client through the proxy server, it is necessary to use $_server["http_x_forwarded_for" to read.

But only if the client uses "Transparent proxy", the value of $_server["Http_x_forwarded_for" is the real IP of the client (if it is a multi-tier proxy, the value may be composed of the client's real IP and the IP of multiple proxy servers, separated by commas ","), In the case of "anonymous proxy", "Deceptive proxy" is the IP value of the proxy server (if it is a multi-tier proxy, the value may consist of multiple proxy IP, separated by a comma ","), in the case of "high anonymous proxy" is a null value.

The REMOTE_ADDR, http_forwarded_for values in the HTTP header information are described in detail below, assuming the client's real IP is 221.5.252.160:

One, not using the proxy server PHP to obtain the client IP situation:

REMOTE_ADDR = Client IP

Http_x_forwarded_for = no value or no display

Second, the use of transparent proxy server situation: Transparent Proxies

REMOTE_ADDR = Last Proxy server IP

http_x_forwarded_for = Client Real IP (this value is similar across multiple proxy servers: 221.5.252.160, 203.98.182.163, 203.129.72.215)

This kind of proxy server still sends the client's real IP to the Access object, it can't achieve the purpose of hiding the real identity.

Third, the use of ordinary anonymous proxy server PHP get client IP situation: Anonymous Proxies

REMOTE_ADDR = Last Proxy server IP

http_x_forwarded_for = Proxy Server IP (this value is similar across multiple proxy servers: 203.98.182.163, 203.98.182.163, 203.129.72.215)

In this case, the real IP of the client is hidden, but the Access object is disclosed to the client using a proxy server to access them.

Iv. use of deceptive proxy servers: distorting Proxies

REMOTE_ADDR = Proxy Server IP

Http_x_forwarded_for = Random IP (this value is similar across multiple proxy servers: 220.4.251.159, 203.98.182.163, 203.129.72.215)

This situation also revealed that the client was using a proxy server, but fabricated a bogus random IP (220.4.251.159) instead of the client's real IP to deceive it.

V. Use of high anonymous proxy server PHP to obtain client IP condition: Anonymity Proxies (Elite Proxies)

REMOTE_ADDR = Proxy Server IP

Http_x_forwarded_for = no value or no display

These header messages may not be available, either REMOTE_ADDR or http_forwarded_for, because different browsers might send different IP header messages for different network devices. So PHP uses $_server["REMOTE_ADDR"], $_server["http_x_forwarded_for"] to get a value that might be a null value or a "unknown" value.

Therefore, the code to get the client IP using PHP can be as follows:

function GetIP () {      $unknown = ' unknown ';      if (Isset ($_server[' http_x_forwarded_for '))         && $_server[' http_x_forwarded_for ']         && STRCASECMP ($_server[' http_x_forwarded_for '), $unknown)     ) {          $ip = $_server[' http_x_forwarded_for '];      } ElseIf (Isset ($_server[' remote_addr ")         && $_server[' remote_addr '] &&         strcasecmp ($_server[ ' REMOTE_ADDR '], $unknown))     {          $ip = $_server[' remote_addr '];      }      /**       * Processing of multi-tier proxies       * or using regular mode: $ip = Preg_match ("/[\d\.")     * {7,15}/", $ip, $matches)? $matches [0]: $unknown;       */      if (False!== Strpos ($ip, ', '))          $ip = Reset (Explode (', ', $ip));      return $ip;  }

