Curl and PHP: Client IP address gets changed


I am building a counter/security application of sorts that uses Curl and PHP. When a visitor comes to my site, the script is supposed to pass their IP address, browser headers, referring URLs and user agent through the Curl script, record data and perform security analysis.

Everything works fine except in the output of the script, it records my server’s IP address instead. This is a problem because I lose all the IP information from my clients

My question is how do I pass the client’s IP address through Curl without it being altered?


Its difficult to tell where your problem lies withou some code

Here is my basic curl code:

$url = "";
$header = "Location: ".$url;
$ch = curl_init($url);
curl_setopt($ch, CURLOPT_HEADER, $header);
curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 1);

After the code runs, target-page.php is supposed to record the IP address of the visitor. Instead it records the IP address of my server running curl.

I’m not sure how “sockets” work but is there a way to create a connection between target-page.php and the client (for example, the target-page.php collects client IP information and sends information back to the client?)

There’s no need for sockets. :slight_smile:

You already have access to the users information, you just need to capture/send in a manageable way.

function get_server_var($key){
  return !empty($_SERVER[$key]) ? $_SERVER[$key] ? null ;

$params = array(
  'remote-address'  => get_server_var('REMOTE_ADDR'),
  'user-agent'      => get_server_var('HTTP_USER_AGENT'),
  'referrer'        => get_server_var('HTTP_REFERER')

$handle = curl_init(sprintf(

curl_setopt($handle, CURLOPT_RETURNTRANSFER, true);

$response = curl_exec($handle);

In ‘tracker.php’ you can access the $_GET superglobal to obtain the remote users information. Although, I’m guessing you’re wanting some additional behaviour here…

Thanks for the help Anthony.

Unfortunately, I am getting this error right after the “null” part of the script:
Parse error: syntax error, unexpected ‘;’ on line 3"

It’s a tenary thing. One of those ? marks should be a colon :.

Ah, I got the script working now and I see what it is doing. I was actually able to do the equivalent using session variables in some of my earlier attempts :smiley:

What if we take this a step further though and tracker.php is on an external third party site out of my control (such as a counter and API)? If we use “REMOTE_ADDR” on tracker.php, the IP still shows up as my server.

Correct because your server has become the client to that site and its script. I think you might be able to convince it your a proxy or mirror using the HTTP_X_FORWARDED_FOR header but you’ll need to look into that.

Yes, sorry about that. As pointed out by tangoforce, the second question mark should have been a colon. :blush:

There’s nothing you can do about that I’m afraid, unless of course the remote server permits (and supplies for) this functionality.

What exactly are you trying to do here, what underlying problem are you trying to solve?