1. PHP gets the client IP
When PHP gets the client IP, $_SERVER["REMOTE_ADDR"] is often used. But if the client uses a proxy server to access, what is obtained is the IP address of the proxy server, not the real client IP address. To obtain the client's real IP address through the proxy server, use $_SERVER["HTTP_X_FORWARDED_FOR"] to read it.
But only when the client uses a "transparent proxy", the value of $_SERVER["HTTP_X_FORWARDED_FOR"] is the real IP of the client (if it is a multi-layer proxy, this value may be the real IP of the client) IP and the IP of multiple proxy servers, separated by commas ","); in the case of "anonymous proxy" and "deceptive proxy", it is the IP value of the proxy server (if it is a multi-layer proxy, this value may be Composed of multiple proxy server IPs, separated by commas ","); in the case of "high anonymity proxy" it is an empty value.
REMOTE_ADDR is the IP when your client "handshakes" with your server. If an "anonymous proxy" is used, REMOTE_ADDR will display the IP of the proxy server.
HTTP_CLIENT_IP is the HTTP header sent by the proxy server. If it is a "super anonymous proxy", a value of none is returned. Likewise, REMOTE_ADDR will be replaced with the IP of this proxy server.
$_SERVER['REMOTE_ADDR']; //Accessor IP (may be a user, a proxy server, or a reverse proxy server)
$_SERVER['HTTP_CLIENT_IP' ]; //Agent-side (may exist, can be forged), not yet a standard, not necessarily implemented by all servers.
$_SERVER['HTTP_X_FORWARDED_FOR']; //Which IP is the proxy for the user to use (it may exist or can be forged). There is a standard definition used to identify the client IP address after HTTP proxy. The format is: clientip,proxy1,proxy2. For a detailed explanation, see http://zh.wikipedia.org/wiki/X-Forwarded-For.
The difference between the three values is as follows:
1. When no proxy server is used:
REMOTE_ADDR = Your IP
HTTP_VIA = None Value or no display
HTTP_X_FORWARDED_FOR = No value or no display
2. When using a transparent proxy server: Transparent Proxies
REMOTE_ADDR = Last proxy server IP
HTTP_VIA = Proxy server IP
HTTP_X_FORWARDED_FOR = Your real IP. When passing through multiple proxy servers, this value is similar to the following: 203.98.182.163, 203.98.182.163, 203.129.72.215.
This type of proxy server still forwards your information to your visitor, which cannot achieve the purpose of hiding your true identity.
3. When using ordinary anonymous proxy servers: Anonymous Proxies
REMOTE_ADDR = Last proxy server IP
HTTP_VIA = Proxy server IP
HTTP_X_FORWARDED_FOR = Proxy server IP, when passing through multiple proxy servers, this value is similar to the following: 203.98.182.163, 203.98.182.163, 203.129.72.215.
Hides your real IP, but reveals to the target audience that you are using a proxy server to access them.
4. The use of deceptive proxy servers: Distorting Proxies
REMOTE_ADDR = Proxy server IP
HTTP_VIA = Proxy server IP
HTTP_X_FORWARDED_FOR = Random IP, when passing through multiple proxy servers, this value is similar to the following: 203.98.182.163, 203.98.182.163, 203.129.72.215.
Tell the visitor that you are using a proxy server, but make up a fake random IP instead of your real IP to trick it.
5. When using a high-anonymity proxy server: High Anonymity Proxies (Elite proxies)
REMOTE_ADDR = Proxy server IP
HTTP_VIA = No value or not displayed
HTTP_X_FORWARDED_FOR = No value or not displayed. When passing through multiple proxy servers, this value is similar to the following: 203.98.182.163, 203.98.182.163, 203.129.72.215.
Completely replaces all your information with the proxy server's information, just like you are using that proxy server to directly access the object.
Sample code:
//获取用户IP, 定义一个函数getIP()
function getClientIP(){
if (getenv("HTTP_CLIENT_IP")) {
$ip = getenv("HTTP_CLIENT_IP");
}elseif(getenv("HTTP_X_FORWARDED_FOR")) {
$ip = getenv("HTTP_X_FORWARDED_FOR");
}elseif(getenv("REMOTE_ADDR")) {
$ip = getenv("REMOTE_ADDR");
else $ip = "Unknow";
}
return $ip;
}
或者
function getClientIp() {
$ip = 'unknow';
foreach (array(
'HTTP_CLIENT_IP',
'HTTP_X_FORWARDED_FOR',
'HTTP_X_FORWARDED',
'HTTP_X_CLUSTER_CLIENT_IP',
'HTTP_FORWARDED_FOR',
'HTTP_FORWARDED',
'REMOTE_ADDR') as $key) {
if (array_key_exists($key, $_SERVER)) {
foreach (explode(',', $_SERVER[$key]) as $ip) {
$ip = trim($ip);
//会过滤掉保留地址和私有地址段的IP,例如 127.0.0.1会被过滤
//也可以修改成正则验证IP
if ((bool) filter_var($ip, FILTER_VALIDATE_IP, FILTER_FLAG_IPV4 | FILTER_FLAG_NO_PRIV_RANGE | FILTER_FLAG_NO_RES_RANGE)) {
return $ip;
}
}
}
}
return $ip;
}2.php Get server-side IP
Server-side IP related variables
a. $_SERVER[" SERVER_NAME"], you need to use the function gethostbyname() to obtain it. This variable displays correctly on both the server and client sides.
b. $_SERVER["SERVER_ADDR"], tested on the server side: 127.0.0.1 (this is related to the setting value of BindAddress in httpd.conf). The test results on the client are correct.
/**
* 获取服务器端IP地址
* @return string
*/
function getServerIp() {
if (isset($_SERVER)) {
if($_SERVER['SERVER_ADDR']) {
$server_ip = $_SERVER['SERVER_ADDR'];
} else {
$server_ip = $_SERVER['LOCAL_ADDR'];
}
} else {
$server_ip = getenv('SERVER_ADDR');
}
return $server_ip;
}
或者
function getServerIP(){
return gethostbyname($_SERVER["SERVER_NAME"]);
}For more related questions, please visit the PHP Chinese website related question tutorials: https://www.php.cn/
The above is the detailed content of Use PHP to get client and server IP. For more information, please follow other related articles on the PHP Chinese website!
Explain the concept of session locking.Apr 29, 2025 am 12:39 AMSessionlockingisatechniqueusedtoensureauser'ssessionremainsexclusivetooneuseratatime.Itiscrucialforpreventingdatacorruptionandsecuritybreachesinmulti-userapplications.Sessionlockingisimplementedusingserver-sidelockingmechanisms,suchasReentrantLockinJ
Are there any alternatives to PHP sessions?Apr 29, 2025 am 12:36 AMAlternatives to PHP sessions include Cookies, Token-based Authentication, Database-based Sessions, and Redis/Memcached. 1.Cookies manage sessions by storing data on the client, which is simple but low in security. 2.Token-based Authentication uses tokens to verify users, which is highly secure but requires additional logic. 3.Database-basedSessions stores data in the database, which has good scalability but may affect performance. 4. Redis/Memcached uses distributed cache to improve performance and scalability, but requires additional matching
What is the full form of PHP?Apr 28, 2025 pm 04:58 PMThe article discusses PHP, detailing its full form, main uses in web development, comparison with Python and Java, and its ease of learning for beginners.
How does PHP handle form data?Apr 28, 2025 pm 04:57 PMPHP handles form data using $\_POST and $\_GET superglobals, with security ensured through validation, sanitization, and secure database interactions.
What is the difference between PHP and ASP.NET?Apr 28, 2025 pm 04:56 PMThe article compares PHP and ASP.NET, focusing on their suitability for large-scale web applications, performance differences, and security features. Both are viable for large projects, but PHP is open-source and platform-independent, while ASP.NET,
Is PHP a case-sensitive language?Apr 28, 2025 pm 04:55 PMPHP's case sensitivity varies: functions are insensitive, while variables and classes are sensitive. Best practices include consistent naming and using case-insensitive functions for comparisons.
How do you redirect a page in PHP?Apr 28, 2025 pm 04:54 PMThe article discusses various methods for page redirection in PHP, focusing on the header() function and addressing common issues like "headers already sent" errors.
Explain type hinting in PHPApr 28, 2025 pm 04:52 PMArticle discusses type hinting in PHP, a feature for specifying expected data types in functions. Main issue is improving code quality and readability through type enforcement.
Hot AI Tools
Undresser.AI Undress
AI-powered app for creating realistic nude photos
AI Clothes Remover
Online AI tool for removing clothes from photos.
Undress AI Tool
Undress images for free
Clothoff.io
AI clothes remover
Video Face Swap
Swap faces in any video effortlessly with our completely free AI face swap tool!
Hot Article
Hot Tools
MantisBT
Mantis is an easy-to-deploy web-based defect tracking tool designed to aid in product defect tracking. It requires PHP, MySQL and a web server. Check out our demo and hosting services.
EditPlus Chinese cracked version
Small size, syntax highlighting, does not support code prompt function
SublimeText3 Chinese version
Chinese version, very easy to use
ZendStudio 13.5.1 Mac
Powerful PHP integrated development environment
SecLists
SecLists is the ultimate security tester's companion. It is a collection of various types of lists that are frequently used during security assessments, all in one place. SecLists helps make security testing more efficient and productive by conveniently providing all the lists a security tester might need. List types include usernames, passwords, URLs, fuzzing payloads, sensitive data patterns, web shells, and more. The tester can simply pull this repository onto a new test machine and he will have access to every type of list he needs.
