php 获取真实ip

1. REMOTE_ADDR：是和服务器直接"握手"的IP。
2. HTTP_CLIENT_IP：代理服务器添加的 HTTP 头，存放客户端真实IP。
3. HTTP_X_FORWARDED_FOR：代理服务器添加的HTTP头，存放真实ip和各级代理ip。格式为X-Forwarded-For: client1, proxy1, proxy2。

http请求头可以伪造，不仅代理可以，客户端也可以。
REMOTE_ADDR也可以伪造，通过伪造tcp握手包，Response将会发送给被伪造的IP，所以这个层面的伪造ip没有意义。

phpcms中的获取ip函数：

 function ip() {
     if(getenv('HTTP_CLIENT_IP') && strcasecmp(getenv('HTTP_CLIENT_IP'), 'unknown')) {
         $ip = getenv('HTTP_CLIENT_IP');
     } elseif(getenv('HTTP_X_FORWARDED_FOR') && strcasecmp(getenv('HTTP_X_FORWARDED_FOR'), 'unknown')) {
         $ip = getenv('HTTP_X_FORWARDED_FOR');
     } elseif(getenv('REMOTE_ADDR') && strcasecmp(getenv('REMOTE_ADDR'), 'unknown')) {
         $ip = getenv('REMOTE_ADDR');
     } elseif(isset($_SERVER['REMOTE_ADDR']) && $_SERVER['REMOTE_ADDR'] && strcasecmp($_SERVER['REMOTE_ADDR'], 'unknown')) {
         $ip = $_SERVER['REMOTE_ADDR'];
     }
     return preg_match ( '/[\d\.]{7,15}/', $ip, $matches ) ? $matches [0] : '';
 }

它首先取 HTTP_CLIENT_IP ,然后取 HTTP_X_FORWARDED_FOR,上述都取不到的情况下才去取 REMOTE_ADDR。可前两个都能在客户端伪造。所以这个次序不行。

来看一看如何伪造。
ip_request.php:

 <?php
 $headers['CLIENT-IP'] = '2.2.2.2';
 $headers['X-FORWARDED-FOR'] = '3.3.3.3,8.8.8.8';
 $headerArr = array();
 foreach( $headers as $n => $v ) {
 $headerArr[] = $n .':' . $v;
 }
 ob_start();
 $ch = curl_init();
 curl_setopt ($ch, CURLOPT_URL, "http://www.my.com/ip_response.php");
 curl_setopt ($ch, CURLOPT_HTTPHEADER , $headerArr ); //构造IP
 curl_setopt ($ch, CURLOPT_REFERER, "http://www.163.com/ "); //构造来路
 curl_setopt( $ch, CURLOPT_HEADER, 1);
 curl_setopt($ch, CURLOPT_POST, 1);//post方式发送数据
 curl_exec($ch);
 curl_close ($ch);
 $out = ob_get_contents();
 ob_clean();
 echo $out;
 ?>

ip_response.php

 <?php
 print_r($_SERVER);
 ?>

输出结果：

 HTTP/1.1 200 OK
 Date: Wed, 08 Mar 2017 02:57:08 GMT
 Server: Apache/2.4.9 (Win32) PHP/5.5.12
 X-Powered-By: PHP/5.5.12
 Content-Length: 2028
 Connection: close
 Content-Type: text/html

 Array
 (
 [HTTP_HOST] => www.my.com
 [HTTP_ACCEPT] => */*
 [HTTP_REFERER] => http://www.163.com/
 [HTTP_CLIENT_IP] => 2.2.2.2
 [HTTP_X_FORWARDED_FOR] => 3.3.3.3,8.8.8.8
 [CONTENT_TYPE] => application/x-www-form-urlencoded
 [HTTP_EXPECT] => 100-continue
 [PATH] => C:\Program Files\Java\jdk1.8.0_31\bin;C:\Program Files\Java\jdk1.8.0_31\jre\bin;C:\Program Files\Java\jdk1.8.0_31\bin;C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\WINDOWS\System32\WindowsPowerShell\v1.0\;C:\Program Files\Java\bin;C:\Program Files (x86)\MacType;F:\Program Files\TortoiseSVN\bin;C:\Python27\;C:\Program Files\nodejs\;C:\WINDOWS\system32\config\systemprofile\.dnx\bin;C:\Program Files\Microsoft DNX\Dnvm\;C:\Program Files (x86)\Windows Kits\8.1\Windows Performance Toolkit\;C:\Program Files\Microsoft SQL Server\130\Tools\Binn\;E:\WAMP\bin\php\php5.5.12;C:\WINDOWS\system32\config\systemprofile\AppData\Local\Microsoft\WindowsApps
 [SystemRoot] => C:\WINDOWS
 [COMSPEC] => C:\WINDOWS\system32\cmd.exe
 [PATHEXT] => .COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
 [WINDIR] => C:\WINDOWS
 [SERVER_SIGNATURE] => <address>Apache/2.4.9 (Win32) PHP/5.5.12 Server at www.my.com Port 80</address>

 [SERVER_SOFTWARE] => Apache/2.4.9 (Win32) PHP/5.5.12
 [SERVER_NAME] => www.my.com
 [SERVER_ADDR] => 127.0.0.1
 [SERVER_PORT] => 80
 [REMOTE_ADDR] => 127.0.0.1
 [DOCUMENT_ROOT] => E:/WAMP/www/my
 [REQUEST_SCHEME] => http
 [CONTEXT_PREFIX] =>
 [CONTEXT_DOCUMENT_ROOT] => E:/WAMP/www/my
 [SERVER_ADMIN] => admin@example.com
 [SCRIPT_FILENAME] => E:/WAMP/www/my/ip_response.php
 [REMOTE_PORT] => 59461
 [GATEWAY_INTERFACE] => CGI/1.1
 [SERVER_PROTOCOL] => HTTP/1.1
 [REQUEST_METHOD] => POST
 [QUERY_STRING] =>
 [REQUEST_URI] => /ip_response.php
 [SCRIPT_NAME] => /ip_response.php
 [PHP_SELF] => /ip_response.php
 [REQUEST_TIME_FLOAT] => 1488941828.317
 [REQUEST_TIME] => 1488941828
 )

phpcms已跪。