Home » Php » web services – How can I get the client's IP address in a PHP webservice?

web services – How can I get the client's IP address in a PHP webservice?

Posted by: admin April 23, 2020 Leave a comment

Questions:

I have developed a PHP webservice. I would like to log all incoming connections of the WS clients, which are consuming this web service. How can I obtain the client’s IP address? The value of

$_SERVER['HTTP_CLIENT_IP']

seems to be always empty.

How to&Answers:

This should be what you want:

$_SERVER['REMOTE_ADDR']

The IP address from which the user is
viewing the current page.

http://php.net/manual/en/reserved.variables.server.php

Answer:

Actually, I would suggest using this function to cover all of your bases, such as people using proxies, shared networks etc.:

function getUserIpAddr()
{
    if (!empty($_SERVER['HTTP_CLIENT_IP'])) //if from shared
    {
        return $_SERVER['HTTP_CLIENT_IP'];
    }
    else if (!empty($_SERVER['HTTP_X_FORWARDED_FOR']))   //if from a proxy
    {
        return $_SERVER['HTTP_X_FORWARDED_FOR'];
    }
    else
    {
        return $_SERVER['REMOTE_ADDR'];
    }
}

Answer:

Make sure not to trust data sent from the client. $_SERVER['REMOTE_ADDR'] contains the real IP address of the connecting party. That is the most reliable value you can find.

However, they can be behind a proxy server in which case the proxy may have set the $_SERVER['HTTP_X_FORWARDED_FOR'], but this value is easily spoofed. It can be set by someone without a proxy to whatever value the user wants, or the IP can be an internal IP from the LAN behind the proxy.

This means that if you are going to save the $_SERVER['HTTP_X_FORWARDED_FOR'], make sure you also save the $_SERVER['REMOTE_ADDR'] value, e.g., by saving both values in different fields in your database.

If you are going to save the IP to a database as a string, make sure you have space for at least 45 characters. IPv6 is here to stay and those addresses are larger than the older IPv4 addresses.

Answer:

The functions getUserIpAddr() and getRealIpAddr() are not reliable!

The only reliable IP is from $ip = $_SERVER["REMOTE_ADDR"];
Otherwise anyone could fake his IP address by sending the CLIENT_IP header for example.

This Firefox Addon can help you send custom headers. Sending the CLIENT_IP=x.x.x.x header to a server running any of the functions on this page, would mean that clients can choose any IP they want…

Answer:

Are you using some kind of framework for your webservice? I saw some frameworks (For instance Agavi) which intentionally delete all the $SERVER data because they want to enfore you to use the validated values from a framework service.

Answer:

If this dont do the job i dont know what does..

    function getClientIP() {
        if (isset($_SERVER)) {

           if (isset($_SERVER["HTTP_X_FORWARDED_FOR"]))
               return $_SERVER["HTTP_X_FORWARDED_FOR"];

           if (isset($_SERVER["HTTP_CLIENT_IP"]))
               return $_SERVER["HTTP_CLIENT_IP"];

           return $_SERVER["REMOTE_ADDR"];
        }

        if (getenv('HTTP_X_FORWARDED_FOR'))
           return getenv('HTTP_X_FORWARDED_FOR');

        if (getenv('HTTP_CLIENT_IP'))
           return getenv('HTTP_CLIENT_IP');

    return getenv('REMOTE_ADDR');
}

Answer:

My preferred function:

    public static function get_remote_ip() {
        if(isset($_SERVER['REMOTE_ADDR']) && !empty($_SERVER['REMOTE_ADDR'])) {
            return $_SERVER['REMOTE_ADDR'];
        } 

        if(isset($_SERVER['HTTP_X_FORWARDED_FOR']) && !empty($_SERVER['HTTP_X_FORWARDED_FOR'])) {
            return $_SERVER['HTTP_X_FORWARDED_FOR'];
        }

        return null;
    }

Answer:

You might try

<?php
var_dump($_SERVER);

to see all vars. But that actually also depends on the backend your script is running at. Is that Apache?

Answer:

<?php 
 $ip=$_SERVER['REMOTE_ADDR'];
 echo "Your IP Address is $ip"; 
 ?> 

and to insert into database just use $ip

Answer:

<?php
function getIP() {
$ip;
if (getenv("HTTP_CLIENT_IP"))
$ip = getenv("HTTP_CLIENT_IP");
else if(getenv("HTTP_X_FORWARDED_FOR"))
$ip = getenv("HTTP_X_FORWARDED_FOR");
else if(getenv("REMOTE_ADDR"))
$ip = getenv("REMOTE_ADDR");
else
$ip = "UNKNOWN";
return $ip;

}

//-----------------------------------------------

//Usage:


$client_ip=getIP();
echo "Your IP :".$client_ip;
?>