-3

The webserver that im working on is using a static private IP address and it is configured in a firewall where it has a configured virtual public IP address.

I can successfully get the client's IP address if i will browse my webserver via its static IP address.

However, if I will browse my webserver using the Virtual IP address that i have configured in the firewall, the client's IP address that I'am getting is the IP address of the firewall itself.

is it possible to get the client's REAL IP address if the client will browse using the Virtual IP of the Webserver?

c18 online
  • 69
  • 7
  • 8
    Possible duplicate http://stackoverflow.com/questions/15699101/get-the-client-ip-address-using-php – markdwhite Nov 18 '15 at 16:43
  • @markdwhite funnily the question you've marked this as a duplicate of, is also marked as a duplicate itself :) – CD001 Nov 18 '15 at 16:48
  • @CD001 - indeed, but look at the upvotes! ;) – markdwhite Nov 18 '15 at 16:49
  • hi mark, I have tried and checked that link a while ago, and still it didn't worked for me. I think that solution will work if the client is using a proxy IP. – c18 online Nov 18 '15 at 16:50
  • 1
    http://stackoverflow.com/questions/3003145/how-to-get-the-client-ip-address-in-php, i think this is more informational – Andrew Nov 18 '15 at 16:50
  • at short, `$_SERVER['REMOTE_ADDR']` is more reliable, as others can easily be spoof by client side – Andrew Nov 18 '15 at 16:52
  • It *sounds* like you're trying to get the LAN IP from *behind* the WAN (Firewall) IP address? If that's the case you'd have to rely on the Firewall/Router sending the `HTTP_X_FORWARDED_FOR` header - which is by no means guaranteed; this is probably only going to be useful if your server is deployed in a closed local environment... or wait for IPv6 to become universal :\ – CD001 Nov 18 '15 at 16:55
  • @c18online - if the firewall is adding in a layer of obfuscation, you may need to look at mod_remoteip for Apache (2.4+) or mod_rpaf (older versions). Though this could be way off track as it's late... – markdwhite Nov 18 '15 at 17:03
  • Hi @CD001.. yes, I wanted to get the IP address of the client that is browsing using the Virtual Public IP of the Webserver that is configured in the firewall server. unfortunately, the IP that I get is the ip address of the firewall server. – c18 online Nov 18 '15 at 17:10
  • I only get the correct IP address, if the client will browse the website using the private Static IP that is configured on the webserver itself. – c18 online Nov 18 '15 at 17:14

1 Answers1

-2

Consider that, if I want, I can make my browser do not send you my ip or a false ip, so do not trust it, NEVER. By the way, when I need it, I use this

if (!empty($_SERVER['HTTP_CLIENT_IP'])) {
  $user_ip = $_SERVER['HTTP_CLIENT_IP'];
} elseif (!empty($_SERVER['HTTP_X_FORWARDED_FOR'])) {
  $user_ip = $_SERVER['HTTP_X_FORWARDED_FOR'];
} else {
  $user_ip = $_SERVER['REMOTE_ADDR'];
}
RiccardoC
  • 876
  • 5
  • 10
  • If you don't send a real ip somehow then you can't get a response back so your comment (its a comment not an answer) is silly. And this should be closed as duplicate. – developerwjk Nov 18 '15 at 16:46
  • And `$_SERVER['REMOTE_ADDR']` is the one you cannot send a false value in without losing the response. The others are the manipulable ones. If you're going to say "never never never trust it," at least be specific on which one not to trust. – developerwjk Nov 18 '15 at 16:53