IP Detection - Getting private (local?) address

icrwly

I'm trying to redirect users by their IP address. Here is the code for getting the IP:

if (!empty($SERVER['HTTP_CLIENT_IP'])) //check ip from share internet
{
$ip=$SERVER['HTTP_CLIENT_IP'];
}
elseif (!empty($SERVER['HTTP_X_FORWARDED_FOR'])) //to check ip is pass from proxy
{
$ip=$SERVER['HTTP_X_FORWARDED_FOR'];
}
else
{
$ip=$_SERVER['REMOTE_ADDR'];

}

The problem is that I'm getting private IPs in some cases. I haven't been able to confirm, but I believe what is happening is that I'm getting the IP of the user's computer. For example, a user's computer at work may have a local IP of 10.XXX.X, but the external IP would be 192.XXX.X.

The few times that this issue has come up (i.e. users being redirected to the wrong place), I've asked the user to run the above script and the IP always comes back as 10.XXX. Could this by a Proxy issue? I've tried every way I can think of to test this and I've never been able to replicate the issue.

I'm lost, so I would really appreciate some help.

Thx!

farius

This could be because the user is behind a router. I know my router has A 10.0.0.X device (local) IP address but has a 169.... Public/static. What could also through a bone in the whole thing is a firewall.

I Don't know how helpful I am but ya never know!

bretticus

If they are external to your router, you are definitely getting those addresses from proxy servers because there's no way a private IP can get anything directly addressed to it. My guess is that there is a proxy server in a LAN somewhere that has a private IP itself. It would have to use NAT like any other private IP host. However, the network appliance providing NAT is probably not stripping the HTTP_X_FORWARDED_FOR portion out of the http headers. Simply because when the NAT-handling device (router) sends the response to the proxy server, the proxy server has to know which privately addressed host to return the data to.

icrwly

"My guess is that there is a proxy server in a LAN somewhere that has a private IP itself"

You're correct. That was the issue. HTTP_X_FORWARDED_FOR seems kind of useless, since it will return a private IP more times than not. I changed my code to just use remote address. It's not going to be as accurate, but at least I'll be able to map every user.

bretticus

icrwly;10898866 wrote:
It's not going to be as accurate, but at least I'll be able to map every user.

Or at least the proxy server they are using.

HTTP_X_FORWARDED_FOR is very useful for getting unique addresses for major ISP customers where the proxy server is not behind a NAT enabled router.