Getting Actual IP Address How to get Actual IP address when the website is accessed using a proxy server? I had to face a situation in which i had added a geo targeting code in my web app which blocks the users from out side India to access it. it worked fine until there was a situation where some users from outside india tried to access the app using a proxy server in India. Although there are some snippets available in web ( or you can code it yourself) which checks for the flag HTTP_X_FORWARDED_FOR in the header information. Some example snippets: ################################################ FUNCTION #1 function GetUserIP() { if (isset($_SERVER)) { if (isset($_SERVER["HTTP_X_FORWARDED_FOR"])) return $_SERVER["HTTP_X_FORWARDED_FOR"]; if (isset($_SERVER["HTTP_CLIENT_IP"])) return $_SERVER["HTTP_CLIENT_IP"]; return $_SERVER["REMOTE_ADDR"]; } if (getenv('HTTP_X_FORWARDED_FOR')) return getenv('HTTP_X_FORWARDED_FOR'); if (getenv('HTTP_CLIENT_IP')) return getenv('HTTP_CLIENT_IP'); return getenv('REMOTE_ADDR'); } FUNCTION #2 function get_real_IP_address() { if (!empty($_SERVER['HTTP_CLIENT_IP'])) //check ip from share internet { $ip=$_SERVER['HTTP_CLIENT_IP']; } elseif (!empty($_SERVER['HTTP_X_FORWARDED_FOR'])) //to check ip is pass from proxy { $ip=$_SERVER['HTTP_X_FORWARDED_FOR']; } else { $ip=$_SERVER['REMOTE_ADDR']; } return $ip; } ################################################ | |
| both the functions checks for the value of server value HTTP_X_FORWARDED_FOR .. if it is set then the IP address value is taken from that, else it take the value of $_SERVER['REMOTE_ADDR'] You can see that both functions above does the same operation to determine the actual IP address of a web request through a proxy. When an access is done through a proxy what happens is the proxy server hides your orginal IP and moves on with the request execution with the proxy server IP Address and that way the orhinal IP stays hidden. proxy servers are of different types Anonymous: An Anonymous Proxy Server blocks the remote Computer from knowing the identity of the Computer using the Proxy Server to make requests. Transparent: A Transparent Proxy Server tells the remote Computer the IP Address of your Computer. This provides no privacy. | |
Anonymous Proxy Servers can further be broken down into two more categories, Elite and Disguised. An Elite Proxy Server is not identifiable to the remote computer as a Proxy in any way. A Disguised Proxy Server gives the remote computer enough information to let it know that it is a Proxy, however it still does not give away the IP of the Computer it is relaying information for. So depending on the configuration of the proxy server the value of HTTP_X_FORWARDED_FOR changes. for transparent Proxies you may get the value of HTTP_X_FORWARDED_FOR in the header info. There is a header flag called HTTP_X_FORWARDED_FOR which can be used to determine the orginal IP address, but this is set by the Proxy server and that is no in control of the web application which runs on that proxy. Some proxy servers allows to appened this header to specify the actual IP address and this type are called transparent proxys and other type is Anonymus which will not appened the above said flag, so the actual IP address is not accessibile for the web application. So It is little bit difficult to get the orginal IP of a request that comes through an anonymus proxy server. Case study and work around : IN case of AOL browser users in india sometimes the request is sent through a proxy server in US, so when indian user try to access the app, the geo target code will block the access as it consider the request comes froma US located computer. So in such case a work around is let the geo target code in the application page redirect the user to a response page which shows a warnings as their computer is in invalid Geographical location and in that page give an option to the user so that if they are still in India cant access the application the put a link for them to restart the application by sending an additional url param to block the geo target code in home page of the app. That is , suppose you invoke your web app like this www.samplecode.come/userapp.php?go=1 in userapp.php we have a geo checking code, so if it detects the IP as outside of india it will redirect the user to a response page may be the response url like this www.samplecode.come/userresp.php?act=geofail&rs=_UY688gs79KJG= here the "rs=_UY688gs79KJG=" part i sthe base64 encoded query string of the app invoking request, ie, "go=1" part of above url. so on the response page you can show the GEO fail message and put an option to the user (if he/she is in India still cant access app) to reload the app like this www.samplecode.come/userapp.php?go=1&geo=disable the "go=1" is taken by decoding the "rs=_UY688gs79KJG=" part from response url so in the app startup page you can disable the geo tracker based on the param "geo=disable". You can make this check in the response page for particular type of browser users so that the action can be more refined. You can apply your logic in this.. If any one have a better way please comment. Thanks, hope this helps some one. User Comments: Dries said: I did a test with tracking the location of users, based on IP & GPS and the result was pretty stunning. I cached locations within a range of 20 house numbers. Freaky actually if you think about it. Dutch article though tracking location with Google Analytics http://www.driesbultynck.be/index.php/2010/11/15/geotracking-google-analytics/ |
Deep-sea Anglerfish are the strange and elusive creature that are very rarely observed in their natural habitat. Fewer than half a dozen have ever been captured on film or video by deep-diving research vehicles.They are mostly found in tropical to temperate waters of the Indian,Pacific and Atlantic Oceans.
