Get a visitors IP through a proxy

I’m trying to get the user’s IP even if they’re using a proxy or anything like that. On the PHP documentation for super globals someone posted this function

	function getVisitorIp () {
			if ($_SERVER["HTTP_CLIENT_IP"]) {
				$proxy = $_SERVER["HTTP_CLIENT_IP"];
			} else {
				$proxy = $_SERVER["REMOTE_ADDR"];
		} else {
			if ($_SERVER["HTTP_CLIENT_IP"]) {
				$ip = $_SERVER["HTTP_CLIENT_IP"];
			} else {
				$ip = $_SERVER["REMOTE_ADDR"];
		return $ip;

Have you had experience in this area where you can confirm or deny whether this is on the right path?

Looking at the code, $proxy could never be returned by the function. Why not try browsing to your site through a proxy and have a script dump all the superglobals to a file?

As you already know your own IP, you could just search the file for the relevant line. :slight_smile:

That is an excellent point :slight_smile:

Keep in mind only the $_SERVER[“REMOTE_ADDR”] variable is set by your webserver. All the others, are user defined variables. This means they can contain any value the user chooses, so it may not be a real ip address, nor may it look like an ip at all.

Different proxy’s along the way may choose different names for any ip they may forward. So just because the proxy you choose happens to use a certain name, doesn’t mean others will use the same name.

the X_FORWARDED_FOR should contain the originating IP address IF, and ONLY IF the proxy is allowed to forward it.

A lot of ‘anonymous proxies’ (open ones) deliberately block the sending of this for anonimity.

It does work for proxies that allow it. If that doesn’t, I have can get a block of code that does work from my other PC, but from memory its virtually the same.

“X_FORWARDED_FOR should contain the originating IP address” in a perfect world yes, but seeing as x-forward-for is not defined in any standard body, its value can theoretically be in any format.

Generally it would appear as: x-forwarded-for: client1, proxy1, proxy2

However I see no reason why one would need to get the “real” IP address of a user. IPs are not unique to be used as identification.

The purpose is to increase the effectiveness of our banning system based off of IPs.

Your best technical solution is to block proxies from accessing your website. There are several types of proxies out there and blocking them will save you headache in the future.

There is the small problem of blocking entire ISP’s that make heavy use of proxies though, most notably AOL (unless they restructured sometime in the last 5 years). Also, IPv4 is exhausted, so proxies and NAT’s are going to become increasingly more common. As a result this stance is untenable.

Good point. Networks like AOL, Satellite, dial-up, etc., are a pain. The next step is to use additional methods with those groups.

There are an awful lot of legitimate reasons to use proxies, blanket blocking them is a VERY bad idea. Blocking ones you know are being abused (via specific IP addresses) isn’t a bad plan though.

There are certainly legitimate reasons for using a proxy. There are even more reasons to block them from your website though. Traffic from data centers isn’t going to make your advertisers happy. If you run an e-commerce site, there is no legit reason why a user would need to hide behind a proxy, especially if they are making purchases.

Mind you, I’m not referring AOL or networks mentioned in my post above. There are some networks to be mindful of so false positives aren’t produced.

I deliberately run a Squid caching proxy at work… because we have limited internet bandwidth available. That is a perfectly normal, and acceptable use. Plenty of businesses and other places run proxies as a filter as well, to stop people doing things they shouldn’t, or to virus scan all inbound data. Thats not ‘hiding’, thats just using the internet.

I’m not saying people don’t hide behind proxies, they do, but blocking ALL isn’t the answer.

Very true. I see your point and it is certainly not good to block business networks. I was referring more to open/http proxies, Tor, and the like.