Home   Best Sellers   Blogging   Coding & Design   Technology   SEO   Travel & living   Career   Videos   Tips   Online tools     
Home  »     »     »     »  Getting Actual IP Address for geo tracking

Getting Actual IP Address for geo tracking

Wednesday, November 24, 2010

Getting Actual IP Address

How to get Actual IP address when the website is accessed using a proxy server?

I had to face a situation in which i had added a geo targeting code in my web app which blocks the users from out side India to access it.
it worked fine until there was a situation where some users from outside india tried to access the app using a proxy server in India.

Although there are some snippets available in web ( or you can code it yourself) which checks for the flag HTTP_X_FORWARDED_FOR in the header information.

Some example snippets:



function GetUserIP() {

if (isset($_SERVER)) {


if (isset($_SERVER["HTTP_CLIENT_IP"]))


if (getenv('HTTP_X_FORWARDED_FOR'))
return getenv('HTTP_X_FORWARDED_FOR');

if (getenv('HTTP_CLIENT_IP'))
return getenv('HTTP_CLIENT_IP');

return getenv('REMOTE_ADDR');


function get_real_IP_address()
if (!empty($_SERVER['HTTP_CLIENT_IP'])) //check ip from share internet
elseif (!empty($_SERVER['HTTP_X_FORWARDED_FOR'])) //to check ip is pass from proxy
return $ip;


both the functions checks for the value of server value HTTP_X_FORWARDED_FOR .. if it is set then the IP address value is taken from that, else it take the value of $_SERVER['REMOTE_ADDR']

You can see that both functions above does the same operation to determine the actual IP address of a web request through a proxy.

When an access is done through a proxy what happens is the proxy server hides your orginal IP and moves on with the request execution with the proxy server IP Address and that way the orhinal IP stays hidden.

proxy servers are of different types


An Anonymous Proxy Server blocks the remote Computer from knowing the identity of the Computer using the Proxy Server to make requests.


A Transparent Proxy Server tells the remote Computer the IP Address of your Computer. This provides no privacy.

Anonymous Proxy Servers can further be broken down into two more categories, Elite and Disguised. An Elite Proxy Server is not identifiable to the remote computer as a Proxy in any way. A Disguised Proxy Server gives the remote computer enough information to let it know that it is a Proxy, however it still does not give away the IP of the Computer it is relaying information for.

So depending on the configuration of the proxy server the value of HTTP_X_FORWARDED_FOR changes.

for transparent Proxies you may get the value of HTTP_X_FORWARDED_FOR in the header info.

There is a header flag called HTTP_X_FORWARDED_FOR which can be used to determine the orginal IP address, but this is set by the Proxy server and that is no in control of the web application which runs on that proxy.

Some proxy servers allows to appened this header to specify the actual IP address and this type are called transparent proxys and other type is Anonymus which will not appened the above said flag, so the actual IP address is not accessibile for the web application.

So It is little bit difficult to get the orginal IP of a request that comes through an anonymus proxy server.

Case study and work around :

IN case of AOL browser users in india sometimes the request is sent through a proxy server in US, so when indian user try to access the app, the geo target code will block the access as it consider the request comes froma US located computer.

So in such case a work around is let the geo target code in the application page redirect the user to a response page which shows a warnings as their computer is in invalid Geographical location and in that page give an option to the user so that if they are still in India cant access the application the put a link for them to restart the application by sending an additional url param to block the geo target code in home page of the app.

That is ,

suppose you invoke your web app like this


in userapp.php we have a geo checking code, so if it detects the IP as outside of india it will redirect the user to a response page

may be the response url like this


here the "rs=_UY688gs79KJG=" part i sthe base64 encoded query string of the app invoking request, ie, "go=1" part of above url.

so on the response page you can show the GEO fail message and put an option to the user
(if he/she is in India still cant access app) to reload the app like this


the "go=1" is taken by decoding the "rs=_UY688gs79KJG=" part from response url

so in the app startup page you can disable the geo tracker based on the param "geo=disable".

You can make this check in the response page for particular type of browser users so that the action can be more refined.
You can apply your logic in this..

If any one have a better way please comment.

Thanks, hope this helps some one.

User Comments:

Dries said: I did a test with tracking the location of users, based on IP & GPS and the result was pretty stunning. I cached locations within a range of 20 house numbers. Freaky actually if you think about it. Dutch article though tracking location with Google Analytics

Share this!

How to link to this page?
If you wish to link to this page from your website, simply Copy and paste the above HTML code to your web page. It will appear on your page as:
Getting Actual IP Address for geo tracking.

comments powered by Disqus

This Weeks 7 Popular Posts

Subscribe to Recent Posts by Email
Stay connected to CROZOOM with regular Email notices of new Techie articles and IT Jobs. Updates will be delivered to your Inbox as soon as they are posted online.

Enter Your Email Address:  

Delivered by FeedBurner   RSS Feed

Search this Blog   

Urgent Openings for PHP trainees, Andriod / IOS developers and PHP developers in Kochi Trivandrum Calicut and Bangalore. Please Send Your updated resumes to recruit.vo@gmail.com   Read more »