[SOLVED]Getting user IP address
Moderator: General Moderators
[SOLVED]Getting user IP address
Hi guys
I'm building a simple intranet application on windows 2000, with php5 and mysql4 on apache 2.2
I'm using the $_SERVER['REMOTE_ADDR'] to get a user's IP address if they make a change to the record, but according to my log script there's been occasions where the IP address hasn't been entered.
I was wondering if there's any reason why this might happen from the PHP / Apache side.
Should this reserved variable always return the user's IP address?
Or are there occasions when the IP address doesn't get returned correctly using this method.
Thanks
Ben
I'm building a simple intranet application on windows 2000, with php5 and mysql4 on apache 2.2
I'm using the $_SERVER['REMOTE_ADDR'] to get a user's IP address if they make a change to the record, but according to my log script there's been occasions where the IP address hasn't been entered.
I was wondering if there's any reason why this might happen from the PHP / Apache side.
Should this reserved variable always return the user's IP address?
Or are there occasions when the IP address doesn't get returned correctly using this method.
Thanks
Ben
Last edited by batfastad on Tue Oct 24, 2006 6:33 am, edited 1 time in total.
-
alex.barylski
- DevNet Evangelist
- Posts: 6267
- Joined: Tue Dec 21, 2004 5:00 pm
- Location: Winnipeg
The IP address is sent by the client nothing to do at all with the server side of things...
You should typically get IP's back as I would think most popular browsers use them properly...however there might be a option FF which allows IP blocking...or maybe their going through a proxy...
Lots of reasons why it won't or might not work...thats why it's a horrible way to do business...it's unreliable like anything else sent in by the client through headers...
In short: Don't trust IP for anything, but use it only for basic non-security type situations...
You should typically get IP's back as I would think most popular browsers use them properly...however there might be a option FF which allows IP blocking...or maybe their going through a proxy...
Lots of reasons why it won't or might not work...thats why it's a horrible way to do business...it's unreliable like anything else sent in by the client through headers...
In short: Don't trust IP for anything, but use it only for basic non-security type situations...
no, the address and the port are part of the socket connection. If the information is faked no return data will reach the client - not even will the tcp/ip connection be fully established.Hockey wrote:The IP address is sent by the client nothing to do at all with the server side of things...
You should typically get IP's back as I would think most popular browsers use them properly...however there might be a option FF which allows IP blocking
-
alex.barylski
- DevNet Evangelist
- Posts: 6267
- Joined: Tue Dec 21, 2004 5:00 pm
- Location: Winnipeg
Ok I realize that, but instead of correcting me...as I wasn't the one asking the question, why not explain to the fellow I replied too, why the IP of some users doesn't show???volka wrote:no, the address and the port are part of the socket connection. If the information is faked no return data will reach the client - not even will the tcp/ip connection be fully established.Hockey wrote:The IP address is sent by the client nothing to do at all with the server side of things...
You should typically get IP's back as I would think most popular browsers use them properly...however there might be a option FF which allows IP blocking
My best guess was some browsers maybe didn't construct the headers properly, but your right, I don't think the IP is handled by the browser. So my second guess, would be a proxy possibly causing the problem, or hackers poking at his web site.
If the IP isn't valid it's obvious, data cannot be sent back to the requesting application, so, why then would an IP be bogus? DoS attack or similar is the only thing I can think of, where the attacker doesn't care about feedback, they simply want to tax a system and not have any trace.
I'm out of guesses, but I'm interested in hearing yours...
p.s-In all fareness when I said client I wasn't refering to browsers per se, but rather the client machine, regardless of where it came from.
Cheers
- Chris Corbyn
- Breakbeat Nuttzer
- Posts: 13098
- Joined: Wed Mar 24, 2004 7:57 am
- Location: Melbourne, Australia
- RobertGonzalez
- Site Administrator
- Posts: 14293
- Joined: Tue Sep 09, 2003 6:04 pm
- Location: Fremont, CA, USA