Getting the client IP address REMOTE ADDR HTTP X FORWARDED FOR what else could be useful

Question

I understand it s a standard practice to look at both these variables  Of course they can easily be spoofed  I m curious how often can you expect these values  especially the HTTP X FORWARDED FOR  to contain genuine information and not just be scrambled or have their values stripped away   Anyone with the experience or statistics on this stuff   Is there anything else that can be useful for the task of getting the client s IP address

User · Answer

I ve ported Grant Burton s PHP code to an ASP Net static method callable against the HttpRequestBase  It will optionally skip through any private IP ranges   public static class ClientIP          based on http   www grantburton com 2008 11 30 fix-for-incorrect-ip-addresses-in-wordpress-comments      public static string ClientIPFromRequest this HttpRequestBase request  bool skipPrivate                foreach  var item in s HeaderItems                        var ipString   request Headers item Key            if  String IsNullOrEmpty ipString               continue           if  item Split                        foreach  var ip in ipString Split                       if  ValidIP ip  skipPrivate                       return ip                    else                       if  ValidIP ipString  skipPrivate                   return ipString                       return request UserHostAddress     private static bool ValidIP string ip  bool skipPrivate        IPAddress ipAddr       ip   ip    null   String Empty   ip Trim         if  0    ip Length            false    IPAddress TryParse ip  out ipAddr              ipAddr AddressFamily    AddressFamily InterNetwork              amp  amp  ipAddr AddressFamily    AddressFamily InterNetworkV6           return false       if  skipPrivate  amp  amp  ipAddr AddressFamily    AddressFamily InterNetwork                var addr   IpRange AddrToUInt64 ipAddr           foreach  var range in s PrivateRanges                        if  range Encompasses addr                   return false                       return true          lt summary gt      Provides a simple class that understands how to parse and     compare IP addresses  IPV4  ranges       lt  summary gt  private sealed class IpRange       private readonly UInt64  start      private readonly UInt64  end       public IpRange string startStr  string endStr                 start   ParseToUInt64 startStr            end   ParseToUInt64 endStr              public static UInt64 AddrToUInt64 IPAddress ip                var ipBytes   ip GetAddressBytes            UInt64 value   0           foreach  var abyte in ipBytes                        value  lt  lt   8        shift             value    abyte                     return value             public static UInt64 ParseToUInt64 string ipStr                var ip   IPAddress Parse ipStr           return AddrToUInt64 ip              public bool Encompasses UInt64 addrValue                return  start  lt   addrValue  amp  amp  addrValue  lt    end             public bool Encompasses IPAddress addr                var value   AddrToUInt64 addr           return Encompasses value             private static readonly IpRange   s PrivateRanges       new IpRange                  new IpRange  0 0 0 0   2 255 255 255                new IpRange  10 0 0 0   10 255 255 255                new IpRange  127 0 0 0   127 255 255 255                new IpRange  169 254 0 0   169 254 255 255                new IpRange  172 16 0 0   172 31 255 255                new IpRange  192 0 2 0   192 0 2 255                new IpRange  192 168 0 0   192 168 255 255                new IpRange  255 255 255 0   255 255 255 255                 lt summary gt      Describes a header item  key  and if it is expected to be      a comma-delimited string      lt  summary gt  private sealed class HeaderItem       public readonly string Key      public readonly bool Split       public HeaderItem string key  bool split                Key   key          Split   split              order is in trust use order top to bottom private static readonly HeaderItem   s HeaderItems       new HeaderItem                  new HeaderItem  HTTP CLIENT IP  false               new HeaderItem  HTTP X FORWARDED FOR  true               new HeaderItem  HTTP X FORWARDED  false               new HeaderItem  HTTP X CLUSTER CLIENT IP  false               new HeaderItem  HTTP FORWARDED FOR  false               new HeaderItem  HTTP FORWARDED  false               new HeaderItem  HTTP VIA  false               new HeaderItem  REMOTE ADDR  false

User · Answer

It depends on the nature of your site   I happen to work on a bit of software where IP tracking is important  and within a field consumed by parter sites I d guess some 20  - 40  of requests are either detectably spoofed IPs or headers blanked out  depending on the time of day and where they came from  For a site which gets organic traffic  i e  not through partners  I d expect a much higher ratio of good IPs   As Kosi said  be careful what you re doing with this - IPs are in no way a reliable way to identify unique visitors

User · Answer

Call the Below Action Method from your JS file  To get the ipv4 ip address         HttpGet      public string GetIP                 IPAddress   ipv4Addresses   Array FindAll              Dns GetHostEntry string Empty  AddressList              a   gt  a AddressFamily    System Net Sockets AddressFamily InterNetwork           return ipv4Addresses ToString            Check after keeping Breakpoint  and use as per your requirement  Its working fine for me

User · Answer

No real answer to your question but  Generally relying on the clients IP address is in my opinion not a good practice as it is not usable to identify clients in a unique fashion   Problems on the road are that there are quite a lot scenarios where the IP does not really align to a client    Proxy Webfilter  mangle almost everything  Anonymizer network  no chance here either  NAT  an internal IP is not very useful for you        I cannot offer any statistics on how many IP addresses are on average reliable but what I can tell you that it is almost impossible to tell if a given IP address is the real clients address

User · Answer

In addition to REMOTE ADDR and HTTP X FORWARDED FOR there are some other headers that can be set such as    HTTP CLIENT IP HTTP X FORWARDED FOR can be comma delimited list of IPs HTTP X FORWARDED HTTP X CLUSTER CLIENT IP HTTP FORWARDED FOR HTTP FORWARDED   I found the code on the following site useful  http   www grantburton com  p 97

User · Answer

If you re behind a proxy  you should use X-Forwarded-For  http   en wikipedia org wiki X-Forwarded-For  It is an IETF draft standard with wide support      The X-Forwarded-For field is supported by most proxy servers    including Squid  Apache mod proxy  Pound  HAProxy  Varnish cache    IronPort Web Security Appliance  AVANU WebMux  ArrayNetworks    Radware s AppDirector and Alteon ADC  ADC-VX  and ADC-VA  F5 Big-IP    Blue Coat ProxySG  Cisco Cache Engine  McAfee Web Gateway  Phion   Airlock  Finjan s Vital Security  NetApp NetCache  jetNEXUS  Crescendo   Networks  Maestro  Web Adjuster and Websense Web Security Gateway    If not  here are a couple other common headers I ve seen    X-Client-IP  Apache  X-Real-IP  Nginx

User · Answer

IP    User Agent  could be a better for unique visitor

[asp.net] Getting the client IP address: REMOTE_ADDR, HTTP_X_FORWARDED_FOR, what else could be useful?

Examples related to asp.net

Examples related to http

Examples related to http-headers

Examples related to ip

Examples related to ip-address