0

I'm just wondering, is using JavaScript to get an IP like described in How to get client's IP address using javascript only? just as accurate as using

$_SERVER['REMOTE_ADDR'];

in PHP or another server-side language? What is the different in how the information is extracted in each?

For some background information, I know that Google Analytics is JS code and supposedly I can filter out IPs in my GA dashboard and I'm wondering how that is done and if it's reliable.

Community
  • 1
  • 1
Subpar Web Dev
  • 3,210
  • 7
  • 21
  • 35
  • What IP address are you interested in getting, and in what context (browser or Node.js or something else)? – Pointy Jan 18 '16 at 19:18
  • @Pointy The IP that made the request to the page – Subpar Web Dev Jan 18 '16 at 19:25
  • So, the IP of the client browser itself? – Pointy Jan 18 '16 at 19:26
  • 1
    With only JavaScript, you won't be able to get the proper IP. Most people are sitting behind a router, so evenn if there was a way to get the NIC's IP, you would still only get the internal IP (like: 192.168.1.xxx or similar). The NIC doesn't know, or care, about the external IP. – M. Eriksson Jan 18 '16 at 19:31

2 Answers2

0

You can't truly get an IP with JavaScript. All the examples on the page you listed get it from a server or API. PHP is your best option aside from using an existing API. Either way, it's not going to be extremely reliable and can easily be faked.

I wrestled a bear once.
  • 22,983
  • 19
  • 69
  • 116
  • What does Google Analytics do, then? – Subpar Web Dev Jan 18 '16 at 19:24
  • 2
    @SubparWebDev it makes HTTP requests to Google, and each of those requests has a visible IP address at the server. The server code can then return that to the JavaScript in the client. – Pointy Jan 18 '16 at 19:27
  • GA isn't getting the IP through JavaScript. It is loading files from googles servers. Then they can see the request-ip and set cookies. – M. Eriksson Jan 18 '16 at 19:27
0

No. You cannot trust JavaScript for critical information.

The best way to get an IP address with PHP is:

$_SERVER['REMOTE_ADDR'];

Using 'REMOTE_ADDR' returns the actual physical IP address of the client.

Depending on your application requirements, it is sometimes helpful to get a client ip that is behinda proxy. You can use the following variable:

$_SERVER['HTTP_X_FORWARDED_FOR'];

It is important to note however that 'HTTP_X_FORWARDED_FOR' can be easily spoofed.

Google Analytical uses JavaScript to get client PC details like:

  1. Screen size and resolution
  2. Is mobile device?
  3. Java & Flash version
  4. Language (Browser)
  5. User Agent
  6. Operating System

It is important to remember that all this information can be spoofed. However, if a genuine visitor is visiting your website it is very unlikely that this information will return false information.

samland
  • 192
  • 1
  • 12
  • Or `$_SERVER['HTTP_X_FORWARDED_FOR']` if the server is behind a proxy and is setting this header. – M. Eriksson Jan 18 '16 at 19:33
  • Yes, however, it is important to remember that it can be spoofed as it is an HTTP header. – samland Jan 18 '16 at 19:35
  • That's true. that goes for `REMOTE_ADDR` as well. IP-spoofing, it's called ;-) – M. Eriksson Jan 18 '16 at 19:38
  • Yes. However, to spoof REMOTE_ADDR you must change it at the network level which requires you to have and significant resources ie: access to the network equipment. HTTP_X_FORWARDED_FOR is an actual HTTP header that anyone can change. – samland Jan 18 '16 at 19:44
  • Yes. It's much harder to spoof REMOTE_ADDR. But if you need the client IP you should always check for HTTP_X_FORWARDED_FOR as well (if your code might end up behind a proxy, that is), otherwise it will look like all calls are comming from one (the proxys) IP. Which they theoretically are. Learned that the hard way once. :) – M. Eriksson Jan 18 '16 at 19:47
  • Yes that is correct. However, checking the HTTP_X_FORWARDED_FOR really depends on your business requirements. Sometimes, due to enterprise security policies, it is not allowed. – samland Jan 18 '16 at 19:53