views:

656

answers:

6

how to identify remote machine uniquely in proxy server environment, i have used $_SERVER['REMOTE_ADDR'] but all machines in proxy network has same IP Address, is there any way

A: 

I do not think there are other ways to do what you want. This is because the proxy server proxies the clients' requests and acts on their behalf. So, the clients are virtually hidden from the server's point of view. However, I may be wrong.

Alan Haggai Alavi
A: 

If you are aware of the proxy server, I think that implies this is some kind of company LAN. Are you in control of the LAN? Perhaps building and installing some ActiveX plugin which sends a machine-unique ID to the server might be the solution.

In general, HTTP proxy servers are not required to send the IP of their client. So every request sent by a proxy looks like it came from the proxy's IP. (Although the wikipedia has some mention of custom headers some proxies send to forward the client's ip.)

It gets even worse when an HTTP proxy is itself using another HTTP proxy - the server getting the request will only get the IP of the last proxy in the chain, and there's no guarantee that the 2nd proxy is even aware that the 1st proxy wasn't a regular client!

scraimer
A: 

Your best bet would be :

 $uid = md5($_SERVER['HTTP_USER_AGENT'] .  $_SERVER['REMOTE_ADDR']);

however, there's no way to know if they changed their user agent or different browser.

OneOfOne
If just two people behind the same proxy use the same browser this doesn't work.
deceze
Exactly, there's no way to 100% be sure who it is, you can use combos of different $_SERVER vars and pray they would be unique in one way or the other.
OneOfOne
+1  A: 

You could use some other headers to help, like these ones (ones that come to mind when looking at a dump of $_SERVER) :

  • HTTP_USER_AGENT
  • HTTP_ACCEPT
  • HTTP_ACCEPT_LANGUAGE
  • HTTP_ACCEPT_ENCODING
  • HTTP_ACCEPT_CHARSET

Using several informations coming from the client will help differenciate different clients (the more information you use, the more chances you have that at least one of those is different between two clients)...

... But it will not be a perfect solution :-(

Depending on the kind of proxy software and it's configuration, there might be a header called X-Forwarded-For, that you could use :

The X-Forwarded-For (XFF) HTTP header is a de facto standard for identifying the originating IP address of a client connecting to a web server through an HTTP proxy or load balancer. This is a non-RFC-standard request header which was introduced by the Squid caching proxy server's developers.

But I wouldn't rely on that either : it will probably not always be present (don't think its' required)

Good luck !

Pascal MARTIN
X-Forwarded-For can be useful for this exact situation. You can't rely on it, especially for uniqueness, but it is useful.
zombat
+5  A: 

Don't ever depend on information that is coming from the client. In this case, you're running up against simple networking problems (you can never be sure the client's IP address is correct), in other cases the client may spoof information on purpose.

If you need to uniquely identify your clients, hand them a cookie upon their first visit, that's the best you can do.

deceze
A: 

Thanks OneOfOne,

for me, the solution:

$uid = md5($_SERVER['HTTP_USER_AGENT'] . $_SERVER['REMOTE_ADDR']);

does work fine. in my situation, i have just one server accessed by three up to five client.

ivan