Thursday, 27 December 2012

Real IP Address Location Lookup and Trace using PHP Script

Real IP Address Location Lookup and Trace using PHP Script

Sometimes we have to lookup or trace IP Address and Location of a user for some purpose like for validation, security, spam prevention etc. Locating and Tracing Real IP Address of a user is very easy using PHP Script.

Server Variables in PHP to get Real IP Address of Client

Normally I have seen that $_SERVER['REMOTE_ADDR'] is used to find out the IP Address of the client. But this server variable does not work well if your client is connected to the Internet through Proxy Server. Proxies can be used to cache content, speeding up the request, to block offensive content, reformat pages for certain devices such as PDAs and cell phones or protect against computer viruses. All of these things can be done with providing any anonymity to the user. Anonymous proxies do get a lot of attention though and if a visitor to your site is using an anonymous proxy you won't be able to get their real ip address.

In that case $_SERVER['REMOTE_ADDR'] in PHP just returns the the IP address of the proxy server not of the client’s machine.

So there are other server variables available in PHP which will give you the real IP Address of the client even if your client is using the proxy server. You can use $_SERVER['HTTP_CLIENT_IP'] and $_SERVER['HTTP_X_FORWARDED_FOR'] server variables to get the real IP Address of the client.

Following is the function written in PHP which will fetch the real IP address of the user even if he is behind a proxy server.

function GetRealIPAddress()
{
 if (!empty($_SERVER['HTTP_CLIENT_IP']))
 {
  $ip=$_SERVER['HTTP_CLIENT_IP'];
 }
 elseif (!empty($_SERVER['HTTP_X_FORWARDED_FOR']))
 //to check ip is pass from proxy
 {
  $ip=$_SERVER['HTTP_X_FORWARDED_FOR'];
 }
 else
 {
  $ip=$_SERVER['REMOTE_ADDR'];
 }
 return $ip;
}

Explanation of above PHP code to get real IP Address of Client:

In the above PHP function to get real IP Address of client, first attempt is to get the direct IP address of client’s machine, if not available then try for forwarded for IP address using HTTP_X_FORWARDED_FOR. And if this is also not available, then finally get the IP address using REMOTE_ADDR.

You can make your above PHP function to get Real IP Address of Client more robust by referring the following PHP code:

function GetRealIPAddress()
{
    if (isset($_SERVER["HTTP_CLIENT_IP"]))
    {
        return $_SERVER["HTTP_CLIENT_IP"];
    }
    elseif (isset($_SERVER["HTTP_X_FORWARDED_FOR"]))
    {
        return $_SERVER["HTTP_X_FORWARDED_FOR"];
    }
    elseif (isset($_SERVER["HTTP_X_FORWARDED"]))
    {
        return $_SERVER["HTTP_X_FORWARDED"];
    }
    elseif (isset($_SERVER["HTTP_FORWARDED_FOR"]))
    {
        return $_SERVER["HTTP_FORWARDED_FOR"];
    }
    elseif (isset($_SERVER["HTTP_FORWARDED"]))
    {
        return $_SERVER["HTTP_FORWARDED"];
    }
    else
    {
        return $_SERVER["REMOTE_ADDR"];
    }
}

3 comments:

  1. What if the remote client is faking the headers you mentioned? The only thing you can be sure about is the REMOTE_ADDR (and not even that if the server running the php script is behind a load balancing configuration). If you really want to do stuff, you need a combination of the forementioned headers/php vars.

    ReplyDelete