[Typo3-dev] client IP
Michael Stucki
michael at typo3.org
Tue Nov 23 00:00:50 CET 2004
Hi Masi,
> Just stumled across it while digging in the osCommerce code (yikes).
>
> Does TYPO3 do it already and if not, does it makes sense to use code
> like this?
I didn't test these lines yet but I believe that we still need some
improvements in user identification based on his IP address, especially for
users inside of an Intranet who work behind a proxy.
Since TYPO3 only checks for REMOTE_ADDR, this will find the wrong IP address
in cases where a proxy is used. Namely it will return the address of the
proxy server.
Checking for HTTP_X_FORWARDED, HTTP_X_FORWARDED_FOR and HTTP_CLIENT_IP might
be a good idea, but it has to be widely tested. Also note that
HTTP_X_FORWARDED_FOR seems to be allow comma-separated lists of multiple
addresses (see [1]).
I didn't find an RFC that describes these variables but they seem to be a
standard on proxy servers.
In case that someone wants to have a look at this, this document [2] offers
some interesting information.
BTW, I am not sure but I thought that getenv('REMOTE_ADDR') will return the
same value like $_SERVER['REMOTE_ADDR'], so why does this function differ
between them?
> function tep_get_ip_address() {
> if (isset($_SERVER)) {
> if (isset($_SERVER['HTTP_X_FORWARDED_FOR'])) {
> $ip = $_SERVER['HTTP_X_FORWARDED_FOR'];
> } elseif (isset($_SERVER['HTTP_CLIENT_IP'])) {
> $ip = $_SERVER['HTTP_CLIENT_IP'];
> } else {
> $ip = $_SERVER['REMOTE_ADDR'];
> }
> } else {
> if (getenv('HTTP_X_FORWARDED_FOR')) {
> $ip = getenv('HTTP_X_FORWARDED_FOR');
> } elseif (getenv('HTTP_CLIENT_IP')) {
> $ip = getenv('HTTP_CLIENT_IP');
> } else {
> $ip = getenv('REMOTE_ADDR');
> }
> }
> return $ip;
> }
[1] http://ch.php.net/getenv, see posting of 19-Apr-2004 08:00
[2] http://www.proxyfarm.com/docs/proxy_faq_a.htm#anonhttp
Regards, michael
--
Want support? Please read the list rules first: http://typo3.org/1438.0.html
More information about the TYPO3-dev
mailing list