[ciapug] php SuperGlobals issue

Ron Mutchler, ZCE qsecofr at gmail.com
Tue Mar 7 15:40:58 CST 2006 

I was googling around for that particular header and ran across this:
I had to turn off my performance cache (part of MacOS X server)
because it was scrubbing the IP's from the access_log records - not on
all records but certainly on all the dodgy records. No worries, I
turned the cache off, found the IPs and ended up writing a script to
auto add the morons to the firewall ban (script to follow in separate
post).

Everything hunky dorey? Nope - both SkipJack and Kathy K sent me email
about my screwed up comment posting. Thanks a million to both of you
for the feedback. I knew that it must have had something to do with
the cache but what? I ended up grabbing a copy of WP and doing a file
compare until I discovered an uncommented change in
wp-comments-post.php where I had replaced REMOTE-ADDR with
HTTP-PC-REMOTE-ADDR as the source for the user's ip address. The
change is required when the cache is running because REMOTE-ADDR
always ends up being self (i.e. the user requests goes to the cache
and the cache then talks to the webserver - the cache is running
locally so the source appears to be local).

Source: http://72.14.207.104/search?q=cache:4lU4Qrsf41wJ:www.guru-international.com/gday_mate/archives/category/admin/blog-hacks/+PC-Remote-Addr&hl=en&gl=us&ct=clnk&cd=14

Also, just scanning google for that particular variable, all it seemed
to reference was OS X somewhere in the quick summary that Google
provides.

http://www.wpec.org/counter/phpinfo.php <-- PHP Info referencing the
same PC-Remote-Addr

That explains why I've never run across that particular problem.  I
guess this thread is one for the files.

On 3/7/06, Chris Van Cleve <vanish at dreamscapevisionery.com> wrote:
> It is, indeed, on an XServe G5. Why would that make a difference?
> (Asking because I'm curious) BTW - Setting all subdomains in DNS to
> point to the 1st NIC also makes the $_SERVER['REMOTE_ADDR'] code work
> as well.
>
> Chris VC
>
> On Mar 7, 2006, at 1:41 PM, Ron Mutchler, ZCE wrote:
>
> > This isn't by chance a Mac OS X Server is it??  If it is, that would
> > explain the oddity very much.  I was assuming Apache on a *nix flavor.
> >
> > On 3/7/06, vanish at dreamscapevisionery.com
> > <vanish at dreamscapevisionery.com> wrote:
> >> The following worked, and is secure enough for our environment:
> >>
> >>       // Getting headers sent by the client.
> >>       $headers = apache_request_headers();
> >>
> >>       // Checking if the client is validating his cache and if it
> >> is current.
> >>       $sec_ip = $headers['PC-Remote-Addr'];
> >>
> >> Chris VC
> >>
> >> Quoting vanish at dreamscapevisionery.com:
> >>
> >>> Ready for things to get stranger?
> >>>
> >>> SO this server has two NICs with two IPs, one assigned to each NIC.
> >>> In the vhost
> >>> setup, the first IP is assigned to the production site. The
> >>> second IP has two
> >>> vhosts. I'm working on a site on one of these vhosts. In the
> >>> phpinfo() output,
> >>> it shows the REMOTE_ADDR as the 2nd NIC (where the site is pushed
> >>> through) yet
> >>> the SERVER_ADDR is the 1st NIC, which shouldn't even be an issue
> >>> as I'm not
> >>> going to the site pushed on that IP.
> >>>
> >>> The good news though is it also shows a PC-Remote-Addr which does,
> >>> indeed, show
> >>> my IP instead of the servers. I hope I can get to that through
> >>> getenv()
> >>>
> >>> Chris VC
> >>>
> >>> Quoting Tony Bibbs <tony at tonybibbs.com>:
> >>>
> >>>> I haven't researched as to why this is but I've noticed that the
> >>>> available supergloabls be different on different setups.  I've
> >>>> particularly noticed this when developing code that needs to run on
> >>>> both *nix and Winders.  I've even seen difference between two
> >>>> different Winders boxes.  I'm sure this is explained on php.net
> >>>> somewhere but my experience is that if you depend on a superglobal
> >>>> being set you need to rely on the phpinfo() output.
> >>>>
> >>>> --Tony
> >>>>
> >>>> vanish at dreamscapevisionery.com wrote:
> >>>>> phpinfo() shows the server ip address under REMOTE_ADDR. I am
> >>>>> hosting the
> >>>>> server, and this code had worked previously, however during
> >>>>> construction the
> >>>>> HDDs were popped out while live and the server had to be rebuilt.
> >>>>> It has not
> >>>>> worked since.
> >>>>>
> >>>>> Is there some system level or apache level setting I'm missing
> >>>>> that
> >>>>> allows this
> >>>>> to function properly?
> >>>>>
> >>>>> Chris VC
> >>>>>
> >>>>> Quoting "Ron Mutchler, ZCE" <qsecofr at gmail.com>:
> >>>>>
> >>>>>> I've used REMOTE_ADDR in my scripts before without seeing what
> >>>>>> you are
> >>>>>> explaining.
> >>>>>>
> >>>>>>     function get_ipaddy() {
> >>>>>>         $ipaddy = getenv ("REMOTE_ADDR");
> >>>>>>         return $ipaddy;
> >>>>>>     }
> >>>>>>
> >>>>>> Have you tried looking at phpinfo to see what it says?
> >>>>>>
> >>>>>> If you are hosting with a company, they could have configured
> >>>>>> it not
> >>>>>> to return that particular variable.  I have a host that
> >>>>>> refuses to
> >>>>>> return PATH_INFO.  I ended up having to look at ORIG_PATH_INFO
> >>>>>> in that
> >>>>>> case.
> >>>>>>
> >>>>>>
> >>>>>> On 3/7/06, vanish at dreamscapevisionery.com
> >>>>>> <vanish at dreamscapevisionery.com> wrote:
> >>>>>>> I'm hoping someone out there can figure out how I've screwed
> >>>>>>> this up...
> >>>>>>>
> >>>>>>> In an include file, I have the following code:
> >>>>>>>
> >>>>>>> $sec_ip = $_SERVER['REMOTE_ADDR'];
> >>>>>>>
> >>>>>>> Which should set the variable to the IP address of the visitor's
> >>>>>>> PC. In my
> >>>>>>> setup, however, it displays the server's IP instead. I tried
> >>>>>>> replacing that
> >>>>>>> with:
> >>>>>>>
> >>>>>>> $sec_ip = $_SERVER['HTTP_X_FORWARDED_FOR'];
> >>>>>>>
> >>>>>>> to see if the problem was a proxy issue, but alas no ip is
> >>>>>>> shown.
> >>>>>>> (Yes, I tried
> >>>>>>> the getenv method as well and the $ENV method also. All return
> >>>>>>> the same result)
> >>>>>>>
> >>>>>>> Setting the variable form the original code page has the same
> >>>>>>> effect so it's not
> >>>>>>> some funky problem caused by being in an include file.
> >>>>>>>
> >>>>>>> Any ideas? Anyone? Bueller? Bueller?
> >>>>>>>
> >>>>>>> Chris VC
> >>>>>>> _______________________________________________
> >>>>>>> ciapug mailing list
> >>>>>>> ciapug at cialug.org
> >>>>>>> http://cialug.org/mailman/listinfo/ciapug
> >>>>>>>
> >>>>>> _______________________________________________
> >>>>>> ciapug mailing list
> >>>>>> ciapug at cialug.org
> >>>>>> http://cialug.org/mailman/listinfo/ciapug
> >>>>>>
> >>>>>
> >>>>>
> >>>>>
> >>>>> _______________________________________________
> >>>>> ciapug mailing list
> >>>>> ciapug at cialug.org
> >>>>> http://cialug.org/mailman/listinfo/ciapug
> >>>> _______________________________________________
> >>>> ciapug mailing list
> >>>> ciapug at cialug.org
> >>>> http://cialug.org/mailman/listinfo/ciapug
> >>>>
> >>>
> >>>
> >>>
> >>> _______________________________________________
> >>> ciapug mailing list
> >>> ciapug at cialug.org
> >>> http://cialug.org/mailman/listinfo/ciapug
> >>>
> >>
> >>
> >>
> >> _______________________________________________
> >> ciapug mailing list
> >> ciapug at cialug.org
> >> http://cialug.org/mailman/listinfo/ciapug
> >>
> > _______________________________________________
> > ciapug mailing list
> > ciapug at cialug.org
> > http://cialug.org/mailman/listinfo/ciapug
> >
> >
>
> _______________________________________________
> ciapug mailing list
> ciapug at cialug.org
> http://cialug.org/mailman/listinfo/ciapug
>

More information about the ciapug mailing list