英文:
How to curl with user ip not server ip in php
问题
I have.
这个URL
我需要使用用户IP而不是服务器IP来进行Curl请求。
请解决我的问题。
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL, "https://opsukrat.in/ip.php");
curl_setopt($ch, CURLOPT_RETURNTRANSFER, TRUE);
curl_setopt($ch, CURLOPT_FOLLOWLOCATION, TRUE);
$ip = curl_exec($ch);
curl_close($ch);
英文:
I have.
This url
I need to curl with user ip not using server ip..
Please solve my problem..
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL, "https://opsukrat.in/ip.php");
curl_setopt($ch, CURLOPT_RETURNTRANSFER, TRUE);
curl_setopt($ch, CURLOPT_FOLLOWLOCATION, TRUE);
$ip = curl_exec($ch);
curl_close($ch);
答案1
得分: 4
以下是翻译的内容:
对于你的问题的简短答案是:你不能。你不能将流量路由到第三方,以便流量来自随机用户的IP地址。但是,根据你具体要做什么(更多详情请参见底部),你可能有一些选择。
- 在某些端点上,你可以添加 --header "X-Forwarded-For: XXX.XXX.XXX.XXX",其中你传递原始请求者的IP地址。某些环境会在CURL请求中查找该标头,并可能在其端点上以特定目的传递它。在"https://opsukrat.in/ip.php"的情况下,这不会起作用,因为他们只查看实际请求的IP地址。
- 如果你不关心从端点获得响应,有一些方法可以伪造你的IP地址。这需要一些高级的网络设置(我认为仅凭CURL无法做到),而且你无法获取任何数据包回来...这可以用于(通常是恶意地)使用伪造的IP地址向第三方发送POST/DELETE/PATCH调用。在你的情况下,你需要响应,所以这是行不通的(而且我想不出一个合法的情况,你会想这样做)。
对于第二个建议的更正:正如Barmar在评论中指出的那样,无论如何,对于TCP流量都不起作用,因为 - 在实际请求被传输之前 - 发送方必须能够对服务器的SYN-ACK数据包作出响应,这是无法做到的,因为IP被伪造了。对于HTTP(S)流量,这种方法根本行不通。将此作为答案的一部分保留下来,因为它可能是
有启发性的。
- 如果这是用于内部网络或其他情况,你知道并可以与请求用户合作的情况下,你可以让所有参与的用户在其计算机上安装代理,并且你可以使用CURL的代理功能将curl请求传递回请求者的IP地址(使用
$_SERVER['REMOTE_ADDR']作为IP)...这样请求将通过用户自己的IP地址从其代理服务流回出去。这是一个荒谬的理论用例/设置,但至少从技术上讲是可能的。
然而,根据我所看到的情况,你根本不需要CURL请求!你可以用以下代码替换你的整个代码:
$ip = $_SERVER['REMOTE_ADDR'];
现在你有了用户的公共IP地址。
英文:
The short answer to your question is: you can't. You cannot route traffic to a third party so that the traffic is coming from a random user's IP address. However, depending on what you're specifically trying to do (more on that at the bottom), you may have some options.
- On some endpoints, you can add --header "X-Forwarded-For: XXX.XXX.XXX.XXX" where you pass the original requester's IP address. Some environments look for that header in the CURL request and may pass it for specific purposes on their end. In the case of "https://opsukrat.in/ip.php" this won't work as they are only looking at the actual requesting IP address.
- If you don't care about getting a response back from the endpoint, there are ways of spoofing your IP address. This requires some advanced networking set-up (you can't do it just with CURL to my knowledge) and you can't get any packets back... this can be used (generally maliciously) to send POST/DELETE/PATCH calls to a third-party with a spoofed IP address. In your case, you need the response, so that's a no-go (and I can't think of a legitimate case where you'd want to do this).
> Correction on this second suggestion: As Barmar pointed out in the comments, this wouldn't work for TCP traffic in any case because - before the actual request is transmitted - the sender would have to be able to respond to a SYN-ACK packet from the server, which it couldn't do because the IP was spoofed. For HTTP(S) traffic this approach would just never work. Leaving this as part of the answer as it may be
> illuminating.
- If this is for an intranet, or some other case where you know and can cooperate with the requesting users, you can have all participating users install proxies on their machines and you can use CURL's proxy functions to pass the curl request back to the requester's IP address (using
$_SERVER['REMOTE_ADDR']for the IP)... so you'd have the request flow back out through the user's proxy service from their own IP address. This is a ridiculous theoretical use-case/set-up but it's at least a technical possibility.
HOWEVER, based on what I'm seeing, you don't need a CURL request at all! Your entire code can be replaced this this:
$ip = $_SERVER['REMOTE_ADDR'];
And now you have your user's public IP address.
通过集体智慧和协作来改善编程学习和解决问题的方式。致力于成为全球开发者共同参与的知识库,让每个人都能够通过互相帮助和分享经验来进步。
评论