Hello, I have a PHP page that receives ajax requests from another page, in another hosting, this was possible using header('Access-Control-Allow-Origin: *');
So far so good, but I'd like to know where the requisition comes from, is that possible?
Example: I have the server1.com page that received the request from a page on server2.com / em> you sent.
The most efficient method is to make a type of register of your servers and then compare the IP, this you can do in several ways, some very ingenious, but the goal here is to give a base.
<?php
$ip = (isset($_SERVER['HTTP_CF_CONNECTING_IP'])) ? $_SERVER['HTTP_CF_CONNECTING_IP'] : (isset($_SERVER['REMOTE_ADDR'])) ? $_SERVER['REMOTE_ADDR'] : '0.0.0.0';
$servers = [
'server_1' => '209.244.0.3',
'server_2' => '208.67.220.220',
'server_3' => '189.38.95.95'
];
$result = array_search($ip, $servers);
var_dump($result);
In the $ip variable, we use two ternary operators to capture the IP of the requester. It's basically an extra validation to avoid errors and, in case you are using CloudFlare on the destination server, it takes the actual IP and not the CloudFlare IP.
Then we have an array $servers with the list of servers where the key is the name of the server and in the value of the key, the corresponding IP. This would be our "register" of servers. You can do this database if you want, for example.
The function array_search will look for the IP that we get inside our array and, if found, will return the server name, if it does not find, will return false .
That's it.
The trickiest part is getting the correct IP.
I suggest you check the following parameters for IP:
$_SERVER['REMOTE_ADDR']
$_SERVER['REMOTE_PROXY']
$_SERVER['HTTP_CF_CONNECTING_IP']
Implementation:
$ip = array(
'REMOTE_ADDR' = null,
'REMOTE_PROXY' = null,
'HTTP_CF_CONNECTING_IP' = null
)
if (isset($_SERVER['REMOTE_ADDR'])) {
$ip['REMOTE_ADDR'] = trim($_SERVER['REMOTE_ADDR']);
}
if (isset($_SERVER['REMOTE_PROXY'])) {
$ip['REMOTE_PROXY'] = trim($_SERVER['REMOTE_PROXY']);
}
if (isset($_SERVER['HTTP_CF_CONNECTING_IP'])) {
$ip['HTTP_CF_CONNECTING_IP'] = trim($_SERVER['HTTP_CF_CONNECTING_IP']);
}
/*
Aqui você decide qual desses valores deseja consultar.
Comece pelo proxy, pois é o que retorna o "IP real", caso a conexão esteja sendo feita via proxy. Quando um cliente usa um proxy, 'REMOTE_ADDR' assume o IP do proxy. Se o proxy for transparente, 'REMOTE_PROXY' retornará o IP real do cliente. Isso é também muito útil para pegar "hackerzinho" que usa qualquer proxy pensando estar protegido.
*/
if (!empty($_SERVER['REMOTE_PROXY'])) {
$rs = $_SERVER['REMOTE_PROXY'];
} else if (!empty($_SERVER['HTTP_CF_CONNECTING_IP'])) {
$rs = $_SERVER['HTTP_CF_CONNECTING_IP'];
} else {
$rs = $_SERVER['REMOTE_ADDR'];
}
/*
As vezes o IP pode vir acompanhado de múltiplos IPs.
exemplo: 192.168.0.1, 127.0.0.1
Para detectar esses casos, é recomendado fazer uma verificação:
*/
if (strpos($rs, ', ')) {
$ips = explode(', ', $rs);
/*
Você pode querer checar 1 por 1. Mas isso varia de acordo com a necessidade de cada caso.
Aqui vamos pegar somente o primeiro do array para simplificar a didática
*/
$rs = $ips[0];
}
/*
Faz um IP lookup reverse.
Obtém nome do domínio, caso exista.
*/
$dns = gethostbyaddr($rs);
/*
Imprime o IP e o dns
*/
echo $rs.'<br>'.$dns;
Compare the IP information obtained from the example script above with REMOTE_HOST_BY_ADDR and HTTP_REFERER :
$_SERVER['REMOTE_HOST_BY_ADDR']
$_SERVER['HTTP_REFERER']
If the IP returns empty or invalid, the decision on how to proceed will depend on your business model. Usually a restricted system where it is required a minimum identification of who requests, block or deny access.