How to identify real IP in php

(*-*)浩 | Original | 2019-09-12 11:06:15 | 2042 views

The variables used to obtain the client IP in PHP are these:

$_SERVER['HTTP_CLIENT_IP'] This header exists, but it is rare and not necessarily implemented by all servers. The client can forge it.

$_SERVER['HTTP_X_FORWARDED_FOR'] is the standard header used to identify the client IP address behind an HTTP proxy, in the format: clientip,proxy1,proxy2. See http://zh.wikipedia.org/wiki/X-Forwarded-F... for a detailed explanation. The client can forge it.

$_SERVER['REMOTE_ADDR'] is reliable. It is the IP of the last peer that completed the TCP handshake with your server. It may be the user's proxy server or your own reverse proxy. The client cannot forge it.

Parameters that can be forged by the client must be filtered and verified! Many people think that the contents of the $_SERVER variable are trustworthy. This is not the case: $_SERVER['HTTP_CLIENT_IP'] and $_SERVER['HTTP_X_FORWARDED_FOR'] both come from the headers of the client request.

If we want to strictly obtain the user’s real IP

For anti-crawler and anti-vote-manipulation checks, we trust nothing that the client can forge. That is what obtaining the IP strictly means.

No CDN: the user connects directly to our PHP server

In this case, use the IP from the TCP handshake, $_SERVER['REMOTE_ADDR'].

nginx load balancing in a self-built cluster

In this case, the PHP application server must not be exposed to the outside world. We obtain the real IP in nginx and then pass it to the PHP server.

location / {
    # Replaces any client-supplied header of this name with the TCP peer address seen by nginx.
    proxy_set_header client-real-ip $remote_addr;
}

You can choose the header name client-real-ip yourself. nginx forwards to PHP the IP of the peer that completed the TCP handshake with nginx.

CDN in front, fetching from the PHP server as origin

The CDN forwards the IP of the client that connected to it, but each provider does this differently. Check your CDN's documentation for details.

Of course, we can also bind the business that requires strict verification to a separate second-level domain name and serve it from our own nginx server, bypassing the CDN.
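The first two scenarios above as one PHP helper. This is an added example, not code from the original article: it uses REMOTE_ADDR by default and reads the nginx-set header only when the TCP peer is one of our own proxies. The function name client_ip, the TRUSTED_PROXIES addresses and the sample requests are assumptions constructed for illustration. PHP exposes the nginx header client-real-ip as $_SERVER['HTTP_CLIENT_REAL_IP'].

```php
<?php
// Assumption: addresses of our own nginx load balancers (constructed values).
const TRUSTED_PROXIES = ['10.0.0.10', '10.0.0.11'];

// Return the client IP using only values the client cannot forge, or null if unknown.
// $server is normally $_SERVER; it is a parameter so the function can be exercised offline.
function client_ip(array $server): ?string
{
    $peer = $server['REMOTE_ADDR'] ?? '';
    if (filter_var($peer, FILTER_VALIDATE_IP) === false) {
        return null; // no usable TCP peer (for example, CLI)
    }
    // Direct connection: the TCP peer is the client, so every IP header is ignored.
    if (!in_array($peer, TRUSTED_PROXIES, true)) {
        return $peer;
    }
    // The peer is our nginx: read the header it set with proxy_set_header.
    // Validate it anyway so a misconfigured proxy cannot inject arbitrary text.
    $forwarded = trim($server['HTTP_CLIENT_REAL_IP'] ?? '');
    if (filter_var($forwarded, FILTER_VALIDATE_IP) === false) {
        return null; // missing or malformed: fail closed rather than guess
    }
    return $forwarded;
}

// Constructed sample requests.
$samples = [
    'direct client, forged headers' => [
        'REMOTE_ADDR'          => '203.0.113.7',
        'HTTP_X_FORWARDED_FOR' => '1.2.3.4',
        'HTTP_CLIENT_REAL_IP'  => '1.2.3.4',
    ],
    'via our nginx' => [
        'REMOTE_ADDR'         => '10.0.0.10',
        'HTTP_CLIENT_REAL_IP' => '198.51.100.23',
    ],
    'via our nginx, bad header' => [
        'REMOTE_ADDR'         => '10.0.0.10',
        'HTTP_CLIENT_REAL_IP' => '<script>',
    ],
];
foreach ($samples as $label => $server) {
    printf("%-32s => %s\n", $label, client_ip($server) ?? 'unknown');
}
```

For the CDN scenario, the same structure applies with the CDN's documented egress addresses and header name in place of the assumed values.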
