PHP Get client IP

The following is reproduced:

REMOTE_ADDR can only get the IP that is set in the visitor's local connection, such as the 10 in the campus network of Zhongnan University of Nationalities. X.xxx. XXX Series IP, and this function gets the IP address of the LAN gateway exit,

If a visitor uses a proxy server, it does not acquire the IP of the proxy server, but rather gets the real IP of the visitor gateway. If you apply this function to a Web page that is restricted to IP access, other people will not be able to access the page even if they access the proxy server in the segment via IP.

Define a function GetIP ()

function GetIP ()

{

Global $ip;

if (getenv ("Http_client_ip"))

$ip = getenv ("Http_client_ip");

else if (getenv ("Http_x_forwarded_for"))

$ip = getenv ("Http_x_forwarded_for");

else if (getenv ("REMOTE_ADDR"))

$ip = getenv ("REMOTE_ADDR");

else $ip = "Unknow";

return $IP;

}

How to use:

echo GetIP ();

Getenv ("REMOTE_ADDR") is used to obtain the IP address of the client, but if the client is accessed using a proxy server, it is the IP address of the proxy server, not the real client IP address. To obtain the real IP address of the client through the proxy server, it is necessary to use getenv ("Http_x_forwarded_for") to read.

However, if the client is not accessed through a proxy server, the value taken with getenv ("Http_x_forwarded_for") will be empty.

else if (getenv ("Http_x_forwarded_for"))

$ip = getenv ("Http_x_forwarded_for");

Indicates that if getenv ("Http_x_forwarded_for") takes a value that is not empty (that is, if the client uses a proxy server), the variable $ip equals the real IP value taken by getenv ("Http_x_forwarded_for").

The following $ip = getenv ("http_x_forwarded_for") will not be performed if the else if (getenv ("Http_x_forwarded_for") above has a null value (that is, no proxy server is used);

In this case, it has been confirmed that the client is not using a proxy server,

else if (getenv ("REMOTE_ADDR"))

$ip = getenv ("REMOTE_ADDR");

These two lines of statements get the IP address of the client as well as the real IP address.

-------------------------------------------------------------------------------------------

The Following is also reproduced:?

Do the website often use REMOTE_ADDR and x_forwarded_for This two header information to obtain the client's IP, however, when there is a reverse proxy or CDN, these two values are not accurate enough, need to adjust some configuration.

What is REMOTE_ADDR

REMOTE_ADDR represents the IP of the client, but its value is not provided by the client, but the server is specified according to the client's IP, when your browser accesses a website, assuming there is no proxy in the middle, then the web site of the website (Nginx, Apache, etc.) will be REMOTE_ADDR to your machine IP, if you use an agent, then your browser will first access the agent, and then forwarded to the site by this agent, so that the Web server will be REMOTE_ADDR set as the proxy machine IP.

What is X_forwarded_for

As mentioned above, when you use a proxy, the Web server does not know your real IP, in order to avoid this situation, the proxy server will usually add a header called X_forwarded_for, the connection to its client IP (ie, your internet machine IP) added to this header information, This will ensure that the Web server of the website can obtain the real IP

Use Haproxy to do reverse proxy

In order to support a larger number of traffic, Web sites will add a lot of Web servers and add a reverse proxy (such as Haproxy) in front of these servers to distribute the load evenly across these machines. Your browser is the first to access the reverse proxy, and it forwards your request to the back of the Web server, which makes the Web server will be remote_addr to this reverse proxy IP, in order to get your program to obtain the real client IP, you need to add the following configuration to Haproxy

Option Forwardfor

It works like above, adding a x_forwarded_for header message to add the IP of your internet machine

Using Nginx's Realip module

When the Nginx is behind the Haproxy, the REMOTE_ADDR will be set to Haproxy IP, this value is meaningless, you can pass the Nginx realip module, let it use the value of x_forwarded_for. Use this module to recompile nginx, add--with-http_realip_module parameter

Set_real_ip_from 10.1.10.0/24;

Real_ip_header x-forwarded-for;

The above configuration is the 10.1.10 from the network segment request all use X-forwarded-for in the header information as REMOTE_ADDR

Do an HTTPS proxy in front of the haproxy with the Nginx frame

Web site for security purposes usually use HTTPS connection to transmit sensitive information, HTTPS using SSL encryption, Haproxy can not directly parse, so in front of Haproxy before the first set of Nginx decryption, and then forward to Haproxy do load balancing. So there are two agents in front of the Web server, in order to get it to the real client IP, the following configuration is required.

First, in the Nginx proxy rules set

Proxy_set_header x-forwarded-for $proxy _add_x_forwarded_for;

This will allow the Nginx HTTPS agent to increase the X_FORWARDED_FOR header information, save the customer's real IP.

Second, modify the configuration of the Haproxy

Option Forwardfor except 10.1.10.0/24

This configuration is similar to the previous set, just a network of IP segments, indicating that if Haproxy received the request is sent by the intranet (https proxy machine), will not set the value of X_forwarded_for, Ensure that the back of the Web server to get the previous HTTPS agent sent over.

Why PHP http_x_forwarded_for and nginx are not the same

When your site uses a CDN, the user accesses the CDN first, and if the CDN does not have a cache, the back-to-source (that is, your reverse proxy) takes the data. When the CDN returns to the source station, it will add the X_forwarded_for header information, save the user's real IP, and your reverse proxy will set this value, but it will not overwrite, but add the IP of the CDN server (that is, the current remote_addr) to X_forwarded_ For the back, so there will be two values in the X_forwarded_for. Nginx uses the first of these values, the customer's real IP, while PHP uses the second, the CDN address. In order for PHP to use the first value, you need to add the following fastcgi configuration.

Fastcgi_param http_x_forwarded_for $http _x_forwarded_for;

It will use the value of Nginx (that is, the first IP) to PHP, so PHP to get the x_forwarded_for in fact there is only one value, it will not use the second CDN IP.

Ignore X_forwarded_for

In fact, when you use the Nginx Realip module, has ensured that the REMOTE_ADDR is set in the client's real IP, and then look at this configuration

Set_real_ip_from 10.1.10.0/24;

Real_ip_header x-forwarded-for;

It is to set X_forwarded_for to REMOTE_ADDR, and Nginx in the X_forwarded_for take is one of the first IP.

Use these settings to ensure that your remote_addr is always set to the client's real IP, and x_forwarded_for can be ignored:)

PHP Get client IP