发表新帖
发表新帖

$_SERVER[“REMOTE_ADDR”] gives server IP rather than visitor IP

后端 未结
关注
8 735
小蘑菇
小蘑菇 2020-11-28 05:55

I\'m trying to track IP addresses of visitors. When using $_SERVER[\"REMOTE_ADDR\"], I get the server\'s IP address rather than the visitor\'s. I tried this on

相关标签:
8条回答
  • 粉色の甜心
    2020-11-28 06:20

    $_SERVER['REMOTE_ADDR'] gives the IP address from which the request was sent to the web server. This is typically the visitor's address, but in your case, it sounds like there is some kind of proxy sitting right before the web server that intercepts the requests, hence to the web server it appears as though the requests are originating from there.

    0 讨论(0)
  • 忘掉有多难
    2020-11-28 06:23

    REMOTE_ADDR can not be trusted.

    Anyway, try

    $ipAddress = $_SERVER['REMOTE_ADDR'];
if (array_key_exists('HTTP_X_FORWARDED_FOR', $_SERVER)) {
    $ipAddress = array_pop(explode(',', $_SERVER['HTTP_X_FORWARDED_FOR']));
}

    Edit: Also, does your server's router have port forwarding enabled? It may be possible that it's messing with the packets.

    Security warning: REMOTE_ADDR can be fully trusted! It comes from your own webserver and contains the IP that was used to access it. You don't even need to quote() it for SQL inserts.
    But HTTP_X_FORWARDED_FOR is taken directly from the HTTP headers, it can contain the picture of a cat, malicious code, any content. Treat it like that, never trust it.

    0 讨论(0)
  • 谎友^
    2020-11-28 06:23

    Replacing:

    $_SERVER["REMOTE_ADDR"];

    With:

    $_SERVER["HTTP_X_REAL_IP"];

    Worked for me.

    0 讨论(0)
  • 情书的邮戳
    2020-11-28 06:26

    Look no more for IP addresses not being set in the expected header. Just do the following to inspect the whole server variables and figure out which one is suitable for your case:

    print_r($_SERVER);
    0 讨论(0)
  • 青春惊慌失措
    2020-11-28 06:27

    PHP 7.0 $_SERVER varibales have changed. var_dump it and see how it fits your reqs.

    some of them giving remote details are, REMOTE_ADDR HTTP_X_FORWARDED_FOR HTTP_CF_CONNECTING_IP HTTP_CF_IPCOUNTRY

    0 讨论(0)
  • 野趣味
    2020-11-28 06:27

    With PHP 7.4 I do it like this:

    $ipaddress = '';
if (isset($_SERVER['REMOTE_ADDR']))
    $ipaddress = $_SERVER['REMOTE_ADDR'];
else if(isset($_SERVER['HTTP_X_FORWARDED_FOR']))
    $ipaddress = $_SERVER['HTTP_X_FORWARDED_FOR'];
else if(isset($_SERVER['HTTP_X_FORWARDED']))
    $ipaddress = $_SERVER['HTTP_X_FORWARDED'];
else if(isset($_SERVER['HTTP_FORWARDED_FOR']))
    $ipaddress = $_SERVER['HTTP_FORWARDED_FOR'];
else if(isset($_SERVER['HTTP_FORWARDED']))
    $ipaddress = $_SERVER['HTTP_FORWARDED'];
else if(isset($_SERVER['HTTP_CLIENT_IP']))
    $ipaddress = $_SERVER['HTTP_CLIENT_IP'];

    But keep in mind that REMOTE_ADDR is the only reliable IP address that you can get. All other values can easily be manipulated. This is theoretically also possible for REMOTE_ADDRESS, but that would require to spoof the IP address.

    0 讨论(0)
 看不清?
提交回复
热议问题