使用PHP通过代理获取IPAddress？

I run security checks on a number of AJAX calls to see if the same IP requested that I have on record.

I used the following set of class functions to establish the IP (which can come via load balancers, hence the lengthly methodology.

    private function IPMask_Match ($network, $ip) {
      $ip_arr = explode('/', $network);
      if (count($ip_arr) < 2) {
        $ip_arr = array($ip_arr[0], null);
      }
      $network_long = ip2long($ip_arr[0]);
      $x = ip2long($ip_arr[1]);
      $mask =  long2ip($x) == $ip_arr[1] ? $x : 0xffffffff << (32 - $ip_arr[1]);
      $ip_long = ip2long($ip);
      return ($ip_long & $mask) == ($network_long & $mask);
    }


    private function IPCheck_RFC1918 ($IP) {
      $PrivateIP = false;
      if (!$PrivateIP) {
        $PrivateIP = $this->IPMask_Match('127.0.0.0/8', $IP);
      }
      if (!$PrivateIP) {
        $PrivateIP = $this->IPMask_Match('10.0.0.0/8', $IP);
      }
      if (!$PrivateIP) {
        $PrivateIP = $this->IPMask_Match('172.16.0.0/12', $IP);
      }
      if (!$PrivateIP) {
        $PrivateIP = $this->IPMask_Match('192.168.0.0/16', $IP);
      }
      return $PrivateIP;
    }


    public function getIP () {
      $UsesProxy = (!empty($_SERVER['HTTP_X_FORWARDED_FOR']) || !empty($_SERVER['HTTP_CLIENT_IP'])) ? true : false;
      if ($UsesProxy && !empty($_SERVER['HTTP_CLIENT_IP'])) {
        $UserIP = $_SERVER['HTTP_CLIENT_IP'];
      }
      elseif ($UsesProxy && !empty($_SERVER['HTTP_X_FORWARDED_FOR'])) {
        $UserIP = $_SERVER['HTTP_X_FORWARDED_FOR'];
        if (strstr($UserIP, ',')) {
          $UserIPArray = explode(',', $UserIP);
          foreach ($UserIPArray as $IPtoCheck) {
            if (!$this->IPCheck_RFC1918($IPtoCheck)) {
              $UserIP = $IPtoCheck;
              break;
            }
          }
          if ($UserIP == $_SERVER['HTTP_X_FORWARDED_FOR']) {
            $UserIP = $_SERVER['REMOTE_ADDR'];
          }
        }
      }
      else{
        $UserIP = $_SERVER['REMOTE_ADDR'];
      }
      return $UserIP;
    }

The Problem is I've been getting problems with users operating via a proxy. Can anyone indicate why that might be? I've used basic free proxy's online to try and emulate, but it doesn't look to be getting variable IPs or anything - so I'm not sure why this would be saying the two IPs don't match.

写回答
好问题 0 提建议
追加酬金
关注问题
分享
邀请回答
编辑收藏删除结题
收藏举报

5条回答默认最新

关注

码龄粉丝数原力等级 --

被采纳

被点赞

采纳率
dongxingji3882 2012-10-25 20:33
关注
I am going to explain what a proxy is first so we are both on the same page.

What Is A Proxy

A proxy is usually a single computer that accesses the internet ON BEHALF OF the user and then the proxy sends the results back to the user. The problem appears when there could be hundreds or even thousands of other people also using that one computer - and they all have the SAME IP address but normally the headers indicate that the users are via a proxy.

Your script i am assuming (without properly looking) is getting the IP's and headers mixed up.

Different Solution

There is a better way. Use sessions and save a key in the session ensuring they have previously been to the main site first BEFORE accessing the ajax page. Example:

index.php

session_start(); $_SESSION['ajax_ok'] = true;

ajax/username_check.php

session_start(); if (empty($_SESSION['ajax_ok'])) { die("You can not access this page..."); }

That will enforce that they must visit your main site first and the client must also support sessions which most browsers will which is a plus to help prevent bots etc abusing your ajax scripts.

More reliable and easier solution than using that mangle of code you got above ><

What if you can't use sessions?

If you can't use sessions on the specific comp you're on, you could setup another computer, rewrite the session handler (using the callbacks that php provides) or instead of using the file system use something else like the database for sessions instead? There must be something your website uses that the sessions could also use. Such as if you have a load balancer file based sessions generally wont work anyway so it's generally a good idea to change the sessions to use something else like i mentioned above.
解决无用
评论打赏
分享
举报

评论

按下Enter换行，Ctrl+Enter发表内容

报告相同问题？

关注问题

PHP如何通过CIDR函数运行IP范围列表？ php
2018-06-19 19:45

回答 1 已采纳 Just loop through the list of ranges, and use array_merge() to append the results to the collectio
PHP仅使用dns_record获取记录 php
2017-05-20 20:59

回答 1 已采纳 Fixed code (works properly): function test() { $host = "google.com"; $result = dns_get_r
求一个PHP功能，获取本地绑定ip php 有问必答
2023-04-20 11:41

回答 4 已采纳用shell_exec或者exec执行系统命令获取，不过需要管理员权限，租用的虚拟机就不用想了windows系统执行ipconfig命令，需要正则分析获取下ip地址 <meta charset
使用PHP来获取客户端和服务端IP
2022-09-16 14:27

u011042325的博客 PHP获取客户端和服务端IP
如何使用PHP获取IP背后的IP？ php
2011-12-21 08:21

回答 5 已采纳 Nope, not possible. NAT means Network Address Translation - the IP address of the packets is rewri
PHP ip计算 - >来自ipaddress的段数组 php
2018-04-26 11:41

回答 1 已采纳 I know that github.com/S1lentium/IPTools does it, so you may have a look at its implementation.
怎么用php获取ip地址和js读取php数组的参数 javascript php
2023-03-27 19:06

回答 5 已采纳该回答引用ChatGPT：1 使用PHP获取IP地址：可以使用$_SERVER['REMOTE_ADDR']获取当前请求的IP地址。如果你需要获取用户的公网IP地址，可以使用下面的代码来获取： $i
php 获取客户端mac,如何在PHP中获取连接客户端的MAC和IP地址？
2021-03-24 13:05

李淳风的谜底的博客服务器IP您可以从$_SERVER['SERVER_ADDR'].服务器MAC地址对于MAC地址，可以解析netstat -ie在Linux中，或者ipconfig /all在Windows中。客户端IP地址您可以从$_SERVER['REMOTE_ADDR']客户端MAC地址除非在一种特殊情况...
如何在PHP中获取IP地址？ [关闭] php
2014-02-04 08:50

回答 2 已采纳 Try this <?php $ip = $_SERVER['REMOTE_ADDR']; ?>
使用IP和时间以PHP捕获用户名 php
2019-06-18 03:18

回答 1 已采纳 This is a syntax error. The symbol ]} is at the end. It should be: $text = "{$user} Logged in as:
php curl代理ip一直失败或者连接超时问题 php
2019-06-21 17:57

回答 2 已采纳原来是要nginx配置好代理才可以使用
PHP获取域名及域名IP的方法
2019-05-10 10:38

深夜程序猿的博客获取域名IP的方法可以使用内置的函数gethostbyname获取，例如： echogethostbyname("www.jbxue.com"); 以上则会直接输出域名所对应的的IP，当然各个地方测试的结果是不一样的，因为百度的服务器也不只有一台，我...
如何在GO中获取LocalAddress？ http
2017-01-09 20:07

回答 1 已采纳 You are not calling the function, in your local variable you are storing the function itself. Try
PHP 获取访问端的IP地址
2019-09-11 17:27

小目标青年的博客 $ip_address=getIpAddress(); echo "$ip_address<br>"; function getIpAddress(){ //ip是否来自共享互联网 if (!empty($_SERVER['HTTP_CLIENT_IP'])){ $ip_address = $_SERVER['HTTP_CLIENT...
PHP、Tomcat获取Nginx代理后的客户端真实IP
2020-07-29 11:00

正在输入中…………的博客文章目录PHP、Tomcat获取Nginx代理后的客户端真实IP一、PHP获取Nginx代理后客户端真实IPNginx配置PHP配置访问测试二、Tomcat获取Nginx代理后客户端真实IPNginx配置日志格式Nginx配置转发IP头Tomcat日志格式讲解配置...
没有解决我的问题, 去提问

悬赏问题

¥20 模型在y分布之外的数据上预测能力不好如何解决
¥15 processing提取音乐节奏
¥15 gg加速器加速游戏时，提示不是x86架构
¥15 python按要求编写程序
¥15 Python输入字符串转化为列表排序具体见图，严格按照输入
¥20 XP系统在重新启动后进不去桌面，一直黑屏。
¥15 opencv图像处理，需要四个处理结果图
¥15 无线移动边缘计算系统中的系统模型
¥15 深度学习中的画图问题
¥15 java报错:使用mybatis plus查询一个只返回一条数据的sql，却报错返回了1000多条

使用PHP通过代理获取IPAddress？

5条回答 默认 最新

悬赏问题

5条回答默认最新