Remote IP over HTTPS

[ryanschefke]

Hello,

 

I am trying to collect an IP address using PHP over both http and https connections. Does anyone know how I can collect the IP over https? I use the

 

$ip = $_SERVER['REMOTE_ADDR'];

 

...over http and it works just fine. However, when I use it over https it does not.

 

Thank you very much,

Ryan

[mrMarcus]

when I use it over https it does not.

 

it does not...what?  it displays nothing?

[ryanschefke]

It displays the remote IP address of the server hosting our website when $_SERVER['REMOTE_ADDR']; runs under https. However,  when $_SERVER['REMOTE_ADDR']; runs under http  it displays the remote IP address of a visitor accessing our website.

[mrMarcus]

i would assume that's because when using SSL, information needs to be passed through an encrypted server, therefore, it gives out the IP address of that server.  i'm just taking a stab at it, but it sounds like that could be the case.

[PFMaBiSmAd]

Use a phpinfo(); statement in a php script and browse to it through https and examine the PHP Variable section at the end of the output and see if you are receiving the actual IP address in one of the $_SERVER variables.

[ryanschefke]

Hi Folks - I used the phpinfo() approach and ran it under http and https. To prove my point, check this out: http://www.leadliaison.com/phpinfo.php  -COMPARED TO- the same script under https, http://www.leadliaison.com/phpinfo.php. At the end you will see the server variables. It does not report the remote IP under https. Is there a solution here to collect the IP under https?

[PFMaBiSmAd]

The information shown in the phpinfo() output is ALL the information that your web server/php receives with each request.

 

Your web server is apparently behind a proxy server, which is setting the $_SERVER["HTTP_X_FORWARDED_FOR"] header. I expected this to also be set for the https request. I would speak to the server administrator and see what he/they can do about getting the $_SERVER["HTTP_X_FORWARDED_FOR"] header passed through with the https request. 

[ryanschefke]

Sorry, I must correct my last post:

 

http://www.leadliaison.com/phpinfo.php  -COMPARED TO- the same script under https,

https://www.leadliaison.com/phpinfo.php.

 

I am sure you figured that out though. The main issue seems to be that $_SERVER["HTTP_X_FORWARDED_FOR"] passes through under http but that server variable does not show up under https. I will chat with our server admin team about getting the $_SERVER["HTTP_X_FORWARDED_FOR"] header passed through with the https request.

 

Open to other ideas in the interim...

[PFMaBiSmAd]

Here is something I found that seems relevant -

# If the apache server is configured with "performance cache enabled" (default with Mac OS0X), it may return the Host-IP rather than the Client-IP. The Performance Cache can be disabled in ServerAdmin -> Web ->Settings->Options

# With old versions of apache (1.3.xx) you need to use an extra module (mod_proxy_add_forward) on the server which runs a proxy, to get the HTTP_X_FORWARED_FOR variable in the http header. With Apache 2.0 mod_proxy this is not anymore necessary, as it is included by default.