4

On my production site, I'm keeping the log for users when they visited my site (ie login, logout) with their IP address.I'm using $_SERVER['REMOTE_ADDR'] to get IP. It was storing accurate IP of visitor before but suddenly this variable started returning 10.10.10.10 for all of my customers.

It is happening from 01-31-2011.

What could be the causes?

server info : LAMP EDIT: Now I have below function which is also returning same 10.10.10.10

function GetIP()
{
       if (getenv("HTTP_CLIENT_IP") && strcasecmp(getenv("HTTP_CLIENT_IP"),
"unknown"))
               $ip = getenv("HTTP_CLIENT_IP");
       else if (getenv("HTTP_X_FORWARDED_FOR") &&
strcasecmp(getenv("HTTP_X_FORWARDED_FOR"), "unknown"))
               $ip = getenv("HTTP_X_FORWARDED_FOR");
       else if (getenv("REMOTE_ADDR") && strcasecmp(getenv("REMOTE_ADDR"), "unknown"))
               $ip = getenv("REMOTE_ADDR");
       else if (isset($_SERVER['REMOTE_ADDR']) && $_SERVER['REMOTE_ADDR'] &&
strcasecmp($_SERVER['REMOTE_ADDR'], "unknown"))
               $ip = $_SERVER['REMOTE_ADDR'];
       else
               $ip = "unknown";
       return($ip);
}

Thanks

Daric
  • 16,229
  • 11
  • 41
  • 58
  • This all depends what your environment is. Where are you hosting? Did you put a proxy in front of it? – Michael Papile Feb 11 '11 at 06:57
  • Do you have a new router or similar? – Kevin A. Naudé Feb 11 '11 at 07:00
  • Also are your apache logs showing the correct IPs? It is most likely a proxy or router not configured to pass x-forwarded-ip – Michael Papile Feb 11 '11 at 07:00
  • 2
    Could you give us some code? Maybe try creating a new PHP file containing `` load it and see if you still have the problem. – Metod Medja Feb 11 '11 at 07:00
  • @Michael: Sorry truly a new user I am not getting you. Are you talking about the proxy on visitor's browser or is it something else? Please elaborate – Daric Feb 11 '11 at 07:01
  • I am talking about a proxy on your side. 10.0.0.0/8 is private IP space it is not coming from a visitor. I am thinking you have a router or proxy in front of your app that is forwarding the remote request and not passing the real IP – Michael Papile Feb 11 '11 at 07:03
  • @Metod Hacker Medja: I tried in new file but here is also `10.10.10.10` – Daric Feb 11 '11 at 07:05
  • 2
    I would ask your hosting provider if they changed anything upstream of you on that day it broke. Like I said it seems something in your stack is forwarding/routing the request and not passing the IP. 10.10.10.10 is probably the address of a local load balancer or router. – Michael Papile Feb 11 '11 at 07:12
  • @Michael Papile: Ok, Let me confirm from those guys, But if they refuse to remove the router How can I get the visitor IP? Is there any other way in PHP to get acutual IP not the one for router? – Daric Feb 11 '11 at 07:20
  • $_SERVER['X-FORWARDED-IP'] is the one you might be after as Michael Papile mentioned above. – chx Feb 11 '11 at 07:28
  • You can check for x-forwarded-for in the http headers. If apache is recording the right IP and PHP is not, then your upstream is setting this header, and you will need to pull the value from this header for the real IP. – Michael Papile Feb 11 '11 at 07:29
  • @chx: $_SERVER['X-FORWARDED-IP'] return blank value – Daric Feb 11 '11 at 07:40
  • @chx and @Michael Papile I printed complete $_SERVER array. There is nothing called `'X-FORWARDED-IP'`, `HTTP_X_FORWARDED_FOR` – Daric Feb 11 '11 at 07:50
  • I talked to hosting guys they said that the put firewall – Daric Feb 11 '11 at 07:50
  • The function you have here is lame one. It should be never used. It can help you nothing. As for the provider - they **ought** to either remove the proxy or supply your web-server with correct IP address. By setting up mod_rpaf for example. Otherwise you have no chance but to quit using their service and find yourself reliable one. You have to understand that PHP has nothing to do with IP addresses at all. An IP address being supplied by web-server, thus, it's exactly web-server configuration question. – Your Common Sense Feb 11 '11 at 08:35
  • @new user then it's a hosting provider problem. They need to change this – Pekka Feb 11 '11 at 09:44

2 Answers2

0

That IP is an IANA "Black hole" address - no one is using it, and it is not considered a valid public IP address. Typically, it is used in code as a placeholder for an IP, or to mock code.

Are you certain you have not used a snippet of code somewhere that is overwriting this value? Check around for an accidental if($_SERVER['REMOTE_ADDR'] = '10.0.10.10') (note the single equals sign). In short - that address cannot possibly be legitimate.

It is, however, legit to use as an internal IP. As has been suggested by others, this may be the result of internal request routing. Check with your host to see if there have been any changes in network structure.

Chris Baker
  • 49,926
  • 12
  • 96
  • 115
-2

If you (or your provider) added a load balancer then REMOTE_ADDR would show IP address of the Balancer. To get users IPs use REMOTE_IP instead

criticus
  • 1,571
  • 8
  • 15
  • 3
    The PHP documentation (http://php.net/manual/en/reserved.variables.server.php) does not mention a REMOTE_IP. Please clarify. – Randall Cook May 09 '13 at 21:48