0

I have a PHP application in front of me that reads the IP address of the user from $_SERVER['REMOTE_ADDR'].

I don't seem to quite understand how it gets populated. I assume that it is basically reading the client IP address from the request headers. Is that correct?

Note: I am not asking about whether it is providing the client IP address or not. The documentation already states that fact. I am more interested in the knowing about the "how". Is it retrieving the IP address implicitly from the request headers?

sepehr
  • 17,110
  • 7
  • 81
  • 119
Grateful
  • 9,685
  • 10
  • 45
  • 77
  • 3
    yes, usually its the client IP. http://php.net/manual/en/reserved.variables.server.php –  Dec 19 '16 at 02:34
  • I know it is the client IP... the documentation I have seen already states that. What I am more interested in knowing is about the "how". Is it reading the IP address implicitly from the request? – Grateful Dec 19 '16 at 02:39
  • not sure this really falls in to the "a practical, answerable problem that is unique to software development" classification of being on-topic here –  Dec 19 '16 at 02:49
  • 1
    You will find your answer in the second answer to this question: http://stackoverflow.com/questions/3003145/how-to-get-the-client-ip-address-in-php I qoute: `$_SERVER['REMOTE_ADDR']` is the actual physical IP address that the web server received the connection from and that the response will be sent to. All other HTTP headers like `X-Forwarded-For` can be set by anyone. – icecub Dec 19 '16 at 02:49
  • So to clear that up a bit: Even if someone would somehow spoof the IP address that `$_SERVER['REMOTE_ADDR']` contains, it would of be no use as the server wouldn't send them any response back. They would simply receive a 404 error. They either need to guess the servers response and act upon it, or have a proxy relaying the response back to them. – icecub Dec 19 '16 at 02:55
  • Can I see this as part of the request headers within chrome dev tools or something? So if I go to Network > Headers > General > Remote Address, is that the field that tells me what the client IP address is (i.e. `$_SERVER['REMOTE_ADDR']`) or is it instead the IP address that the request is targetted towards? – Grateful Dec 19 '16 at 03:41
  • are you actually trying to solve an issue here? –  Dec 19 '16 at 04:39
  • 1
    @Dagon Yes, I am trying to understand something here. – Grateful Dec 19 '16 at 05:12
  • ok, so what's the issue? –  Dec 19 '16 at 05:15
  • @Dragon Apologies if I have not been clear enough yet. I am trying to learn about the involvement of the client IP address, as part of the request headers. – Grateful Dec 19 '16 at 05:23
  • which directly is nothing to do with php .. so? –  Dec 19 '16 at 05:24
  • @Dragon again.. apologies if I have not made that clear yet either... I have a php application that I am trying to debug at the moment. It started off with `$_SERVER['REMOTE_ADDR']` and led me to ask about `Remote Address` available for viewing from within the chrome dev tools. – Grateful Dec 19 '16 at 05:30
  • All the negative points... somehow I don't feel that welcome :) @Dragon, should I be asking non-code related questions elsewhere? – Grateful Dec 19 '16 at 05:41

1 Answers1

2

Not a network expert in any way, but as it's an HTTP request, it gets delivered over a TCP connection. The webserver populates $_SERVER['REMOTE_ADDR'] from a TCP socket that is used to communicate with the browser.

sepehr
  • 17,110
  • 7
  • 81
  • 119