How to track IP?

egregious

I am used to coding simple PHP scripts that lets you calculate the CGPA, participate in an online quiz, etc. I live in my hostel in university where we access Internet through a manual proxy. There are like thousands of students here who are all connected via LAN. They can access my websites if they know my IP

MY ipconfig in cmd :-
Ethernet Local Area connection
IP Address- 10.105.55.99
Subnet mask - 255.255.255.0
Default gateway - 10.105.55.2

I would like to track the IP of users who access my website and store them in my MYSQL database. I tried many codes and tested it myself. But all it shows is the IP address of the manual proxy server and not the IP address of the Ethernet local area connection of the users, the former being the SAME for all students here. I scoured through net, and I see that proxy server can be a problem in tracking IP. Can someone help me?

This is the code that I used once (It shows up the IP of the proxy server instead of the IP address of the users):-

<?php function getRealIpAddr()
{
    if (!empty($_SERVER['HTTP_CLIENT_IP']))   //check ip from share internet
    {
      $ip=$_SERVER['HTTP_CLIENT_IP'];
    }
    elseif (!empty($_SERVER['HTTP_X_FORWARDED_FOR']))   //to check ip is pass from proxy
    {
      $ip=$_SERVER['HTTP_X_FORWARDED_FOR'];
    }
    else
    {
      $ip=$_SERVER['REMOTE_ADDR'];
    }
    return $ip;
}
error_reporting(E_PARSE);
 $ip=$_SERVER['HTTP_X_FORWARDED_FOR'];
 $ip2=$_SERVER['REMOTE_ADDR'];
 $ip3=$_SERVER['HTTP_CLIENT_IP'];

 echo ("$ip2");
?>

bradgrafelman

egregious;11010933 wrote:
I would like to track the IP of users who access my website and store them in my MYSQL database.

Why? Surely whichever application you're using as your webserver daemon (Apache's HTTPD, for example) already has this ability. Why not simply utilize (perhaps after enabling/properly configuring) these existing access logs rather than trying to reinvent the wheel?

egregious;11010933 wrote:
I tried many codes and tested it myself. But all it shows is the IP address of the manual proxy server and not the IP address of the Ethernet local area connection of the users

That would suggest they aren't accessing your computer directly and are instead getting routed to the proxy server (which, in turn, makes a request to your computer on behalf of a remote user, relaying the response after it receives it). There are a number of reasons why this could be happening, including browser restrictions and/or network security rules, some of which may not be within your realm (or the user's) to change.

Then again, unless you know for a fact you're on a network that is very well secured and monitored, IP addresses can be spoofed (and/or manually specified/changed as desired), so YMMV if you expect them to be a good metric for tracking individual users. Plus, even if you managed to get an IP address other than that of the proxy server, who's to say that multiple users aren't sharing that same IP address (such as the case would be behind a wireless router with NAT capabilities)?

egregious

Then again, unless you know for a fact you're on a network that is very well secured and monitored, IP addresses can be spoofed (and/or manually specified/changed as desired), so YMMV if you expect them to be a good metric for tracking individual users. Plus, even if you managed to get an IP address other than that of the proxy server, who's to say that multiple users aren't sharing that same IP address (such as the case would be behind a wireless router with NAT capabilities)?

I know for sure that multiple users aren't sharing the same IP address.

Why? Surely whichever application you're using as your webserver daemon (Apache's HTTPD, for example) already has this ability. Why not simply utilize (perhaps after enabling/properly configuring) these existing access logs rather than trying to reinvent the wheel?

I use Apache (XAMPP). If I can get the IP address of clients from Apache, it would be great. But I am not aware of it. If you know how to, could you please pass the information to me?

bradgrafelman

egregious;11010999 wrote:
If I can get the IP address of clients from Apache, it would be great.

That is precisely what the Access Log is for.

dalecosp

If they're behind a proxy, you can't get their address FOR CERTAIN. Assuming a proxy header has been set, the standard method is something like:

if ($_SERVER['HTTP_X_FORWARD_FOR']) {
   $ip = $_SERVER['HTTP_X_FORWARD_FOR'];
} else{
   $ip = $_SERVER['REMOTE_ADDR'];
}

mistin

HTTP_CLIENT_IP, HTTP_X_FORWARDED_FOR, HTTP_X_FORWARDED, HTTP_FORWARDED_FOR, HTTP_FORWARDED, REMOTE_ADDR

Those are all the variables it could possible pass through in (in that order) like mentioned above unless the proxy is passing on your IP you won't be able to retrieve it.

This is mainly useful when your webserver is using a reverse proxy to serve content (e.g, nginx) or some dns proxy services.. But most proxies / tunnels on the client end don't forward your real IP for a reason.. it would kind of defeat the purpose of why most people use proxies 😛

bradgrafelman

dalecosp;11011037 wrote:
the standard method is something like:
if ($_SERVER['HTTP_X_FORWARD_FOR']) {
   $ip = $_SERVER['HTTP_X_FORWARD_FOR'];
} else{
   $ip = $_SERVER['REMOTE_ADDR'];
}

There's no need to use PHP for this - Apache is perfectly capable of logging all of the possible HTTP headers mistin mentioned above.

dalecosp

bradgrafelman;11011057 wrote:
There's no need to use PHP for this - Apache is perfectly capable of logging all of the possible HTTP headers mistin mentioned above.

Of course. Does it put them in the DB automagically also?

dalecosp

🙂

egregious

Well, I checked accesslog. It shows nothing but the PROXY IP only

bradgrafelman

dalecosp;11011065 wrote:
Of course. Does it put them in the DB automagically also?

Of course not. It also doesn't make me breakfast in the morning... but neither of those are within the scope of what I was referring to (logging IPs of visitors).

egregious;11011071 wrote:
Well, I checked accesslog. It shows nothing but the PROXY IP only

You can try checking the other HTTP headers mentioned above, but as already mentioned in this thread - it's quite possible that the users really are only accessing your webserver via the proxy, which means that you're at the mercy of that proxy as to whether or not it will be nice enough to tell you what their IP is.

dalecosp

bradgrafelman;11011073 wrote:
Of course not. It also doesn't make me breakfast in the morning... but neither of those are within the scope of what I was referring to (logging IPs of visitors).

Ah; I thought it was within the scope of the OP's thread, however:

egregious wrote:
I would like to track the IP of users who access my website and store them in my MYSQL database.

Weedpacket

dalecosp wrote:
Of course. Does it put them in the DB automagically also?

bradgrafelman wrote:
Of course not. It also doesn't make me breakfast in the morning... but neither of those are within the scope of what I was referring to (logging IPs of visitors).

dalecosp;11011075 wrote:
Ah; I thought it was within the scope of the OP's thread, however:
egregious wrote:
I would like to track the IP of users who access my website and store them in my MYSQL database.

Although it could (given the appropriate command-line script) do so.

egregious

I realised that it's impossible to track the IPs of clients when they access my site through the proxy server.

But I just found out how to successfully track client's IP address!!!🙂

But a few students run an entertainment hub here based entirely on PHP and they are able to track down the client IP bypassing the proxy server. I remember that I had to type in their local IP address in the 'No Proxy For' section in my web browser connection settings; then only I was able to browse their site.

So I guess if I can find a way to make my website inaccessible if used via a proxy, I can track the client IP. I modified my codes and voila! It worked. Now I am able to trace my clients IP.

It's unbelievable. I have been trying for like 4-5 days using HTTP_X_FORWARDED_FOR ,REMOTE_ADDR ,etc. and this idea came to my mind just now within a span of seconds. LOL

Thanks for your suggestions. I hope this thread will be useful for other users who are stuck with the same issue