Home > Article > Backend Development > How to get the real IP address of the client in php
$_SERVER["REMOTE_ADDR"] is often used in PHP to obtain the client IP. But if the client uses a proxy server to access, what is obtained is the IP address of the proxy server, not the real client IP address. To obtain the client's real IP address through a proxy server, use $_SERVER["HTTP_X_FORWARDED_FOR"] to read it.
But only when the client uses a "transparent proxy", the value of $_SERVER["HTTP_X_FORWARDED_FOR"] is the client's real IP (if it is a multi-layer proxy, this value may be the client's real IP and multiple It consists of the IP of the proxy server, separated by commas ","), and in the case of "anonymous proxy" and "deceptive proxy" it is the IP value of the proxy server (if it is a multi-layer proxy, this value may be composed of multiple proxy servers consisting of IPs, separated by commas ","), which is null in the case of "high anonymity proxy".
Regarding the REMOTE_ADDR and HTTP_FORWARDED_FOR values in the HTTP header information, we will introduce it in detail below. Assume that the real IP of the client is 221.5.252.160:
1. PHP without using a proxy server to obtain the client IP:
REMOTE_ADDR = Client IP
HTTP_X_FORWARDED_FOR = No value or not displayed
2. When using transparent proxy servers: Transparent Proxies
REMOTE_ADDR = Last proxy server IP
HTTP_X_FORWARDED_FOR = Client real IP (when passing through multiple proxy servers , this value is similar: 221.5.252.160, 203.98.182.163, 203.129.72.215)
This type of proxy server still sends the client’s real IP to the access object, which cannot achieve the purpose of hiding the true identity.
3. Use PHP of ordinary anonymous proxy server to obtain client IP: Anonymous Proxies
REMOTE_ADDR = Last proxy server IP
HTTP_X_FORWARDED_FOR = Proxy server IP (when passing through multiple proxy servers, this value is similar: 203.98.182.163 , 203.98.182.163, 203.129.72.215)
In this case, the real IP of the client is hidden, but it is revealed to the access object that the client uses a proxy server to access them.
4. The situation of using deceptive proxy servers: Distorting Proxies
REMOTE_ADDR = proxy server IP
HTTP_X_FORWARDED_FOR = random IP (when passing through multiple proxy servers, this value is similar: 220.4.251.159, 203.98.182.163, 203.129. 72.215)
In this case, it is also revealed that the client is using a proxy server, but a fake random IP (220.4.251.159) is fabricated to replace the client’s real IP to spoof it.
5. Use PHP of high anonymity proxy server to obtain client IP: High Anonymity Proxies (Elite proxies)
REMOTE_ADDR = Proxy server IP
HTTP_X_FORWARDED_FOR = No value or no display
Whether it is REMOTE_ADDR or HTTP_FORWARDED_FOR, these headers The message may not be available because different browsers and different network devices may send different IP header messages. Therefore, the value obtained by PHP using $_SERVER["REMOTE_ADDR"] and $_SERVER["HTTP_X_FORWARDED_FOR"] may be a null value or an "unknown" value.
So the code to get the client IP using PHP can be as follows:
function getip() { $unknown = 'unknown'; if ( isset($_SERVER['HTTP_X_FORWARDED_FOR']) && $_SERVER['HTTP_X_FORWARDED_FOR'] && strcasecmp($_SERVER['HTTP_X_FORWARDED_FOR'], $unknown) ) { $ip = $_SERVER['HTTP_X_FORWARDED_FOR']; } elseif ( isset($_SERVER['REMOTE_ADDR']) && $_SERVER['REMOTE_ADDR'] && strcasecmp($_SERVER['REMOTE_ADDR'], $unknown) ) { $ip = $_SERVER['REMOTE_ADDR']; } /** * 处理多层代理的情况 * 或者使用正则方式:$ip = preg_match("/[\d\.] * {7,15}/", $ip, $matches) ? $matches[0] : $unknown; */ if (false !== strpos($ip, ',')) $ip = reset(explode(',', $ip)); return $ip; }