Home > Tutorials > PHP Tutorials

Introduction to PHP's method of obtaining the client's real IP

Source: Internet
Author: User
Developer on Alibaba Coud: Build your first app with APIs, SDKs, and tutorials on the Alibaba Cloud. Read more >
    2. function GetIP () {
    3. if (getenv ("Http_client_ip") && strcasecmp (getenv ("Http_client_ip"), "Unknown")
    4. $ip = getenv ("Http_client_ip");
    5. else if (getenv ("Http_x_forwarded_for") && strcasecmp (getenv ("Http_x_forwarded_for"), "Unknown")
    6. $ip = getenv ("Http_x_forwarded_for");
    7. else if (getenv ("REMOTE_ADDR") && strcasecmp (getenv ("REMOTE_ADDR"), "Unknown")
    8. $ip = getenv ("REMOTE_ADDR");
    9. else if (isset ($_server[' remote_addr ')) && $_server[' remote_addr '] && strcasecmp ($_server[' Remote_ ADDR '], "unknown"))
    10. $ip = $_server[' remote_addr ');
    11. Else
    12. $ip = "Unknown";
    13. return ($IP);
    14. ?>
Copy Code

Note: The above code uses two functions, getenv () and strcasecmp (), the previous function obtains the system environment variable, if can fetch the value, then returns the value, cannot return false. The $_server is an array of server super global variables, and the IP address of the client can also be obtained with $_server[' REMOTE_ADDR '. The difference is that getenv does not support PHP, which is run by the ISAPI mode of IIS. The use of strcasecmp (STRING1,STRING2) String functions is to compare string1 and string2, if equal returns 0, if string1 is greater than string2, returns a number greater than 0, less than 0. The function uses the client IP first, if not the method of trying to use proxy, if not, then use REMOTE_ADDR.

Here's another way to detect IP in more detail, considering IP spoofing and multi-agent code, similar to the following:

    2. function GetIP () {
    3. $unknown = ' unknown ';
    4. if (Isset ($_server[' http_x_forwarded_for ')) && $_server[' http_x_forwarded_for '] && strcasecmp ($_ server[' Http_x_forwarded_for '], $unknown)) {
    5. $ip = $_server[' http_x_forwarded_for ');
    6. } elseif (Isset ($_server[' remote_addr ") && $_server[' remote_addr '] && strcasecmp ($_server[' Remote_ ADDR '], $unknown)) {
    7. $ip = $_server[' remote_addr ');
    8. }
    9. /*
    10. Handling multi-tier proxies
    11. or use regular mode: $ip = Preg_match ("/[\d\.") {7,15}/", $ip, $matches)? $matches [0]: $unknown;
    12. */
    13. if (False!== Strpos ($ip, ', '))
    14. $ip = Reset (Explode (', ', $ip));
    15. return $IP;
    16. }
    17. ?>
Copy Code

Attachment, for reference study: One, no proxy server PHP get client IP situation: remote_addr = Client Iphttp_x_forwarded_for = no value or not displayed

second, the use of transparent proxy server situation: Transparent Proxies REMOTE_ADDR = Last Proxy Server iphttp_x_forwarded_for = client Real IP (this value is similar after multiple proxy servers: 221.5.252.160, 203.98.182.163, 203.129.72.215) This kind of proxy server still sends the client real IP to the Access object, unable to achieve the purpose of hiding the real identity.

third, the use of ordinary anonymous proxy server PHP get client IP situation: Anonymous Proxies REMOTE_ADDR = Last Proxy Server iphttp_x_forwarded_for = Proxy Server IP (this value is similar when multiple proxy servers are passed: 203.98.182.163, 203.98.182.163, 203.129.72.215) In this case, the real IP of the client is hidden, but the Access object is disclosed to the client using a proxy server to access them.

Iv. use of deceptive proxy servers: distorting Proxies REMOTE_ADDR = Proxy Server iphttp_x_forwarded_for = Random IP (after multiple proxy servers, this value is similar: 220.4.251.159, 203.98.182.163, 203.129.72.215) This situation also revealed that the client was using a proxy server, but fabricated a bogus random IP (220.4.251.159) instead of the client's real IP to deceive it.

v. Use of high anonymous proxy server PHP to obtain client IP condition: Anonymity Proxies (Elite Proxies) REMOTE_ADDR = Proxy Server iphttp_x_forwarded_for = no value or no display

These header messages may not be available, either REMOTE_ADDR or http_forwarded_for, because different browsers might send different IP header messages for different network devices. So PHP uses $_server["REMOTE_ADDR"], $_ The value obtained by server["Http_x_forwarded_for"] may be either a null value or a "unknown" value.

    • This article is an English version of an article which is originally in the Chinese language on aliyun.com and is provided for information purposes only. This website makes no representation or warranty of any kind, either expressed or implied, as to the accuracy, completeness ownership or reliability of the article or any translations thereof. If you have any concerns or complaints relating to the article, please send an email, providing a detailed description of the concern or complaint, to info-contact@alibabacloud.com. A staff member will contact you within 5 working days. Once verified, infringing content will be removed immediately.

    Contact Us

    The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

    If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

    A Free Trial That Lets You Build Big!

    Start building with 50+ products and up to 12 months usage for Elastic Compute Service

    Get Started for Free

    • Sales Support

      1 on 1 presale consultation

      Chat Contact Sales

    • After-Sales Support

      24/7 Technical Support 6 Free Tickets per Quarter Faster Response

      Open a Ticket

    • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.

      Learn More