Hi Everyone,

I am trying to check the remote IP address, and if the remote IP address is not the same as my own IP address, then echo or alert on the screen to say you don't have access to this file.

And if I include this file in my own pages, it should be allowed. Below is my script, which does display my IP and remote IP address; up to this point it works fine.

This is my config or functions file, which I include("functions.php") within my landing page index.php. This is where I just want index.php to be able to read it - which is not working.

Any suggestion is highly appreciated. I know I can use a session, I guess, but I am struggling to set one.

What I have tried:

PHP
<?php
//	I usually like to add a line to some of my include-files, to keep them from being accessed directly:

if ($_SERVER['REMOTE_ADDR'] != $_SERVER['SERVER_ADDR']) die("Nope! You can not have it.");

//==	Attempt to obtain the visitor's actual IP-Address (as best as possible).
function get_real_IP($void=null) {

$headers = array(
'HTTP_VIA',
'HTTP_X_FORWARDED_FOR',
'HTTP_FORWARDED_FOR',
'HTTP_X_FORWARDED',
'HTTP_FORWARDED',
'HTTP_CLIENT_IP',
'HTTP_HTTP_CLIENT_IP',
'HTTP_FORWARDED_FOR_IP',
'VIA',
'X_FORWARDED_FOR',
'FORWARDED_FOR',
'X_FORWARDED',
'FORWARDED',
'CLIENT_IP',
'FORWARDED_FOR_IP',
'HTTP_XPROXY_CONNECTION',
'HTTP_PROXY_CONNECTION',
'HTTP_X_REAL_IP',
'HTTP_X_PROXY_ID',
'HTTP_USERAGENT_VIA',
'HTTP_HTTP_PC_REMOTE_ADDR',
'HTTP_X_CLUSTER_CLIENT_IP'
);

foreach ($headers as $header) if (isset($_SERVER[$header]) && !empty($_SERVER[$header])) return $_SERVER[$header];

if (trim($_SERVER['SERVER_ADDR'])==trim($_SERVER['REMOTE_ADDR'])) return $_SERVER['SERVER_ADDR'];

return $_SERVER['REMOTE_ADDR'];
}

if ($_SERVER['REMOTE_ADDR'] != $_SERVER['SERVER_ADDR']) die("Nope! You can not have it.".$_SERVER['SERVER_ADDR']  ." Remote address ".$_SERVER['REMOTE_ADDR'] );
    
?>
Updated 2-Oct-19 14:28pm
Comments
Richard MacCutchan 16-Jun-19 8:45am    
What file are you referring to? There are easier methods to protect the information on the server.
Member 14093672 17-Jun-19 5:15am    
Thanks Richard,

Just trying to protect sub folders and files within from outside world, but should be accessible to the app, i.e., library configs images etc.

Would you please advise what other easier methods to protect the information on the server please?

I am also trying to use virtualhost protection, please see my other question https://www.codeproject.com/Questions/5128251/Apache-setup-virtual-host.

I would be grateful if you share your thoughts.

Thanks once again for reading my posts.
Richard MacCutchan 17-Jun-19 5:24am    
Server files are not visible to the outside world via browsers unless you make them so. I think you are trying to solve a problem that does not exist.
Member 14093672 17-Jun-19 12:48pm    
The problem exists: if someone, for example, types www.xyz.com/lib or www.xyz.com/images/logo.png, it is visible to the outside world. I want this visible only to the app, not the outside world. Hope it's clear.
Member 14093672 17-Jun-19 12:54pm    
Example:
<DirectoryMatch "c:/xampp/htdocs/xyz/(.+)/">
Order deny,allow
</DirectoryMatch>

Example: I have got xyz/images/logo.png.

By default users cannot browse the directory. However, if I type www.xyz/images/logo.png in my browser, the logo file appears in the browser. I want this to be restricted for the outside world but visible to the app.


1 solution

--- JUST REALIZED ---
It's a 3 months old post, someone decided to format a 3 months old post
----------------------

Let me give you several options to handle this.
1. Handle through Apache
You can simply deny any request that is not coming from localhost or 127.0.0.1
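RewriteEngine On
# Both conditions must match for the rule to fire. HTTP_HOST is taken from the
# client-supplied Host header; REMOTE_ADDR is the address of the connection.
RewriteCond %{HTTP_HOST} !^localhost [NC]
RewriteCond %{REMOTE_ADDR} !^127\.0\.0\.1$
# "-" means no substitution; R=404 returns Not Found for the matched path.
RewriteRule ^/super_secret_image_path/?(.*) - [R=404,L]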

2. Handle through Apache with an additional layer, using a reverse proxy. Run your main PHP application on a different port, so that only localhost or the internal network is allowed to access it, and browse your application through the extra port when you have to access it from localhost.
3. Through PHP with Apache. Write a directory directive to deny all
<Directory "/var/web/your_precious_image_directory">
  Require all denied
</Directory>

With PHP, create a rule that will translate the download request to the actual path and write the file content with the proper header.
// translate_special_image_path() and get_actual_content_type() are
// placeholders for functions you write yourself.
$filepath = translate_special_image_path($_GET["img"], $_GET["img"]);

if(file_exists($filepath)) {
    header('Content-Description: File Transfer');
    header('Content-Type: ' . get_actual_content_type($filepath)); // eg: image/jpeg
    header('Content-Disposition: attachment; filename="'.basename($filepath).'"');
    header('Expires: 0');
    header('Cache-Control: must-revalidate');
    header('Pragma: public');
    header('Content-Length: ' . filesize($filepath));
    flush(); // Flush system output buffer
    readfile($filepath);
    exit;
}
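
A fuller version of the PHP gateway from option 3, as an added example that is not part of the original answer: it checks that the caller is logged in to the app, resolves the `img` parameter with realpath() so nothing outside the protected directory can be served, and allows only known image types. The function names, the `user_id` session key and the availability of the fileinfo extension are assumptions.

```php
<?php
declare(strict_types=1);
// Added example. BASE_DIR is the directory Apache denies in option 3;
// the 'user_id' session key is a hypothetical marker set by the app's login.
const BASE_DIR = '/var/web/your_precious_image_directory';
const ALLOWED_TYPES = ['image/png', 'image/jpeg', 'image/gif'];
// Map a requested name to a real file inside $baseDir, or null.
function resolve_image_path(string $requested, string $baseDir): ?string
{
    // NUL bytes are never valid in a file name; refuse them up front.
    if ($requested === '' || strpos($requested, "\0") !== false) {
        return null;
    }
    $base = realpath($baseDir);
    if ($base === false) {
        return null;
    }
    // realpath() collapses "..", "." and symlinks before the prefix test.
    $real = realpath($base . DIRECTORY_SEPARATOR . $requested);
    if ($real === false || !is_file($real)) {
        return null;
    }
    $prefix = $base . DIRECTORY_SEPARATOR;
    return strncmp($real, $prefix, strlen($prefix)) === 0 ? $real : null;
}

// Sniff the MIME type from file content and allow only known image types.
function detect_allowed_type(string $path): ?string
{
    $type = (new finfo(FILEINFO_MIME_TYPE))->file($path);
    return in_array($type, ALLOWED_TYPES, true) ? $type : null;
}

session_start();
if (empty($_SESSION['user_id'])) {   // not logged in to the app
    http_response_code(403);
    exit;
}
$img  = isset($_GET['img']) && is_string($_GET['img']) ? $_GET['img'] : '';
$path = resolve_image_path($img, BASE_DIR);
$type = $path !== null ? detect_allowed_type($path) : null;
if ($type === null) {                // missing, outside BASE_DIR, or wrong type
    http_response_code(404);
    exit;
}
header('Content-Type: ' . $type);
header('X-Content-Type-Options: nosniff');
header('Content-Length: ' . (string) filesize($path));
readfile($path);
```

Without the session check the gateway would hand the same files to any visitor, so the `Require all denied` directive only helps when the script decides who may read them.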
 

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)


