Hi, this PHP function returns the real IP address of clients:

```php
function getRealIpAddr()
{
    if (!empty($_SERVER['HTTP_CLIENT_IP']))   // check IP from shared internet connection
    {
      $ip=$_SERVER['HTTP_CLIENT_IP'];
    }
    elseif (!empty($_SERVER['HTTP_X_FORWARDED_FOR']))   // check whether the IP is passed from a proxy
    {
      $ip=$_SERVER['HTTP_X_FORWARDED_FOR'];
    }
    else
    {
      $ip=$_SERVER['REMOTE_ADDR'];
    }
    return $ip;
}
```

When I set an ip:port proxy for IE, this code still shows my real IP, and I don't know how I can hide my IP from this PHP code! (such as with a VPN mechanism)

A: 

What about using CURL and curl_setopt() with this option - CURLOPT_INTERFACE.

But this will not return data back to you and instead to the new IP address set.

Satya Prakash
Referrer is a different header and completely irrelevant to this.
Piskvor
I got some hints! Pay attention to this sentence: "**The problem with “HTTP_” headers is that they can easily be faked by the client.**" So how can I make a fake header?
Kermia
A: 

This is not your fault. If you want to hide your real IP, you must find a real anonymous proxy (also called 'elite'). You can't change HTTP headers to fake your IP - those headers (HTTP_X_FORWARDED_FOR in fact) are added on the fly by a transparent proxy server.

When connecting through a non-elite but normal anonymous proxy, there will be only one header saying that the connection is forwarded, but it will not reveal your real IP.

You can also use a SOCKS proxy, which does not modify HTTP headers, because it has no specified protocol and only mediates the TCP connection.

Some proxies can send your IP in their own non-standard headers. If you want to be sure that your IP is not given anywhere, you should write your own tester, which will parse all headers to find your exact IP.

Also remember that not every proxy is safe; some of them could be set up by hackers to catch a password or change your data on the fly.

killer_PL
A: 

All headers are forgeable by clients. The end point of the socket is not forgeable - but with facilities like Tor you cannot rely on the data being in any way accurate, never mind NAT.

Whatever you are trying to achieve, you should not rely on the information returned by the function. The only place where you should use it at all is for indicative information across a large sample size (e.g. for GIS IP/address lookups).

You should certainly never, ever use this for authentication purposes.

symcbean
He is not using it for authentication purposes. He is not using this function at all. He is trying to avoid it, for spam, fraud, whatever.
Col. Shrapnel
Whoops, didn't read it all the way through the first time. The answer is obvious but I don't feel like telling him :)
symcbean
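
Added example (not part of any post above, and not the posters' code): a server-side variant of the question's function that follows the last answer's point, treating `REMOTE_ADDR` as the only unforgeable value and reading `X-Forwarded-For` only when the socket peer is one of the site's own proxies. The names `TRUSTED_PROXIES` and `clientIp` are hypothetical, and all addresses are constructed from documentation ranges.

```php
<?php
// Assumption: the site's own reverse proxies (constructed addresses).
const TRUSTED_PROXIES = ['192.0.2.10', '192.0.2.11'];

/**
 * Best-effort client address for logging or geolocation, never for authentication.
 * $server has the same shape as $_SERVER.
 */
function clientIp(array $server, array $trustedProxies = TRUSTED_PROXIES): string
{
    $peer = $server['REMOTE_ADDR'] ?? '';

    // The peer is not one of our proxies: every HTTP_* value is client-controlled,
    // so HTTP_CLIENT_IP and HTTP_X_FORWARDED_FOR are ignored entirely.
    if (!in_array($peer, $trustedProxies, true) || empty($server['HTTP_X_FORWARDED_FOR'])) {
        return $peer;
    }

    // Each proxy appends the address it accepted the connection from, so the
    // right-most entries are the ones our own proxies wrote. Walk right to left
    // and stop at the first hop that is not ours; anything further left was
    // supplied by the client and carries no weight.
    $hops = array_map('trim', explode(',', $server['HTTP_X_FORWARDED_FOR']));
    foreach (array_reverse($hops) as $hop) {
        if (filter_var($hop, FILTER_VALIDATE_IP) === false) {
            return $peer;               // malformed header: fall back to the socket peer
        }
        if (!in_array($hop, $trustedProxies, true)) {
            return $hop;
        }
    }
    return $peer;                        // the chain contained only our own proxies
}

// Constructed requests showing the three cases.
$requests = [
    'direct, headers set by client' => [
        'REMOTE_ADDR' => '203.0.113.7',
        'HTTP_CLIENT_IP' => '10.0.0.1',
        'HTTP_X_FORWARDED_FOR' => '198.51.100.99',
    ],
    'via trusted proxy' => [
        'REMOTE_ADDR' => '192.0.2.10',
        'HTTP_X_FORWARDED_FOR' => '198.51.100.23',
    ],
    'via trusted proxy, extra left-most entry' => [
        'REMOTE_ADDR' => '192.0.2.10',
        'HTTP_X_FORWARDED_FOR' => '10.0.0.1, 198.51.100.23',
    ],
];
foreach ($requests as $label => $server) {
    printf("%-42s => %s\n", $label, clientIp($server));
}
```

Even with this check, the returned value is only as good as the proxy list, and an address behind NAT, a VPN or Tor still says nothing about who the user is.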