Home >Backend Development >PHP Tutorial >In-depth analysis of several situations in which PHP obtains client IP_PHP Tutorial
In-depth analysis of several situations in which PHP obtains client IP_PHP Tutorial
- WBOYOriginal
- 2016-07-15 13:32:17753browse
In this article, we will introduce to you in detail
$_SERVER["REMOTE_ADDR"] is often used in PHP to obtain the client IP. But if the client uses a proxy server to access, what is obtained is the IP address of the proxy server, not the real client IP address. To obtain the client's real IP address through a proxy server, use $_SERVER["HTTP_X_FORWARDED_FOR"] to read it.
But only when the client uses a "transparent proxy", the value of $_SERVER["HTTP_X_FORWARDED_FOR"] is the real IP of the client (if it is a multi-layer proxy, this value may be the real IP of the client) IP and the IP of multiple proxy servers, separated by commas ","), and in the case of "anonymous proxy" and "deceptive proxy" it is the IP value of the proxy server (if it is a multi-layer proxy, this value may be Composed of the IPs of multiple proxy servers, separated by commas ","), which is a null value in the case of "high anonymity proxy".
Regarding the REMOTE_ADDR and HTTP_FORWARDED_FOR values in the HTTP header information, we will introduce it in detail below. Assume that the client’s real IP is 221.5.252.160:
1. PHP without proxy server to obtain client IP:
REMOTE_ADDR = Client IP
HTTP_X_FORWARDED_FOR = No value or not displayed
2. Use In the case of transparent proxy servers: Transparent Proxies
REMOTE_ADDR = Last proxy server IP
HTTP_X_FORWARDED_FOR = Client real IP (when passing through multiple proxy servers, this value is similar: 221.5.252.160, 203.98 .182.163, 203.129.72.215)
This type of proxy server still sends the client’s real IP to the access object, which cannot achieve the purpose of hiding the true identity.
3. Use PHP of ordinary anonymous proxy server to obtain client IP: Anonymous Proxies
REMOTE_ADDR = Last proxy server IP
HTTP_X_FORWARDED_FOR = Proxy server IP (When passing through multiple proxy servers, this value is similar: 203.98.182.163, 203.98.182.163, 203.129.72.215)
In this case, the real IP of the client is hidden, but it is revealed to the access object that the client is using a proxy server access them.
4. The use of deceptive proxy servers: Distorting Proxies
REMOTE_ADDR = proxy server IP
HTTP_X_FORWARDED_FOR = random IP (when passing through multiple proxy servers , this value is similar: 220.4.251.159, 203.98.182.163, 203.129.72.215)
In this case, it is also revealed that the client uses a proxy server, but fabricates a fake random IP (220.4.251.159) to replace the client the real IP of the client to spoof it.
5. Use PHP of high-anonymity proxy server to obtain client IP: High Anonymity Proxies (Elite proxies)
REMOTE_ADDR = Proxy server IP
HTTP_X_FORWARDED_FOR = No value or not displayed
Whether it is REMOTE_ADDR or HTTP_FORWARDED_FOR, these header messages may not be available because different browsers and different network devices may send different IP header messages. Therefore, the value obtained by PHP using $_SERVER["REMOTE_ADDR"] and $_SERVER["HTTP_X_FORWARDED_FOR"] may be a null value or an "unknown" value.
Therefore, the code for using PHP to obtain the client IP can be as follows:
<ol class="dp-xml">
<li class="alt"><span><span>function getip() { </span></span></li>
<li>
<span>$</span><span class="attribute">unknown</span><span> = </span><span class="attribute-value">'unknown'</span><span>; </span>
</li>
<li class="alt"><span>if ( isset($_SERVER['HTTP_X_FORWARDED_FOR']) <br>&& $_SERVER['HTTP_X_FORWARDED_FOR'] <br>&& strcasecmp($_SERVER['HTTP_X_FORWARDED_FOR'], <br>$unknown) ) { </span></li>
<li>
<span>$</span><span class="attribute">ip</span><span> = $_SERVER['HTTP_X_FORWARDED_FOR']; </span>
</li>
<li class="alt"><span>} elseif ( isset($_SERVER['REMOTE_ADDR']) <br>&& $_SERVER['REMOTE_ADDR'] && <br>strcasecmp($_SERVER['REMOTE_ADDR'], $unknown) ) { </span></li>
<li>
<span>$</span><span class="attribute">ip</span><span> = $_SERVER['REMOTE_ADDR']; </span>
</li>
<li class="alt"><span>} </span></li>
<li><span>/* </span></li>
<li class="alt"><span>处理多层代理的情况 </span></li>
<li>
<span>或者使用正则方式:$</span><span class="attribute">ip</span><span> = </span><span class="attribute-value">preg_match</span><span>("/[d.]<br>{7,15}/", $ip, $matches) ? $matches[0] : $unknown; </span>
</li>
<li class="alt"><span>*/ </span></li>
<li><span>if (false !== strpos($ip, ',')) </span></li>
<li class="alt">
<span>$</span><span class="attribute">ip</span><span> = </span><span class="attribute-value">reset</span><span>(explode(',', $ip)); </span>
</li>
<li>
<span> </span><span>return $ip; </span>
</li>
<li><span>} </span></li>
</ol>
Another point to note when obtaining the client IP with PHP is to use the function getenv('HTTP_X_FORWARDED_FOR') Or getenv('REMOTE_ADDR') can also achieve the same effect as the above code. But getenv() does not support PHP running in IIS isapi mode.