据我所知,代理服务器设置了头HTTP_X_FORWARDED_FOR
来识别通过代理发出HTTP请求的主机的ip地址。我听说过标题HTTP_CLIENT_IP
是出于类似目的设置的。
HTTP_CLIENT_IP
和HTTP_X_FORWARDED_FOR
有什么区别?这些标题都没有正式标准化。因此:
What is the difference between HTTP_CLIENT_IP and HTTP_X_FORWARDED_FOR?
- 这是不可能的。不同的代理可以实现这些,也可以不实现。实现可能因代理而异,也可能不同。缺乏标准会产生问号。Why would one have different values than the other?
- 参见第1点。但是,从纯粹实际的角度来看,我可以看到这些具有不同值的唯一原因是如果涉及多个代理 - 那么X-Forwarded-For:
头可能包含转发链的完整跟踪,而Client-IP:
标题将包含实际的客户端IP。然而,这是纯粹的推测。Where can I find resources on the exact definition of these headers.
- 你不能。见第1点。关于some kind of de-facto standard标题似乎确实有X-Forwarded-For:
,但是
鉴于没有定义它的RFC,这是不可靠的
见下面的评论。
作为旁注,Client-IP:
标题应该按照惯例为X-Client-IP:
,因为它是一个“用户定义的”标题。
您也可以尝试这种方式:
if (isset($_SERVER['HTTP_CLIENT_IP'])) {
$user_ip = $_SERVER['HTTP_CLIENT_IP'];
} else if (isset($_SERVER['HTTP_X_FORWARDED_FOR'])) {
$user_ip = $_SERVER['HTTP_X_FORWARDED_FOR'];
} else if (isset($_SERVER['HTTP_X_FORWARDED'])) {
$user_ip = $_SERVER['HTTP_X_FORWARDED'];
} else if (isset($_SERVER['HTTP_FORWARDED_FOR'])) {
$user_ip = $_SERVER['HTTP_FORWARDED_FOR'];
} else if (isset($_SERVER['HTTP_FORWARDED'])) {
$user_ip = $_SERVER['HTTP_FORWARDED'];
} else if (isset($_SERVER['REMOTE_ADDR'])) {
$user_ip = $_SERVER['REMOTE_ADDR'];
} else {
$user_ip = null;
}