PHP：获取服务器的IP地址，用户单击该链接重定向到我的外部站点的链接

Question

For clarity imagine this scenario:

• User is on siteA.com
• User clicks on a link directing to my site: siteB.com
• My site wants to determine the IP address of siteA.com upon getting the request, so that it knows the IP of the server that linked to it for this request.

Is there any way to do this with PHP and Apache? If not, is there any way at all to do this?

<?php

// Perhaps something like:
$linking_server_ip = $_SERVER[LINKING_SERVER_IP];

?>

Edit:

So $_SERVER['HTTP_REFERER'] can't be relied on, but I can use it casually I guess (supplemental/opportunistic info to indicate that a referrer isn't from an expected endpoint, if it's not empty maybe. Though it sounds like it's not reliable for even this much given that any plugin clientside could still mangle the value anyway, making a legit referral appear to be from some other server).

I'm still left with this problem:

I need to verify that the server referring to a particular page on my site (which acts as a certificate for that server).

EG Their page has a link to certificate.php?serverid=1234

I want to verify that they're not cheating the system and using this certificate on any of their other servers (eg using siteA's certificate for siteC and avoiding paying for the service that's supposed to have been done on siteC as well).

Even with the crude solution of making the server of siteA http request my server (siteB) to get a one-time use token in order to be validated on certificate.php, they could just use siteA to grab a token each time their other sites need a token to be validated when so they can cheat validation and claim the certificate for siteA.

Answer 1

The HTTP Referer header (yes, that's how it's spelled!) tells you this. It's available in your PHP script as $_SERVER['HTTP_REFERER'] .

(But note that there's no guarantee that all browsers will provide it, and that it can be spoofed. Don't use it to enforce any security policies.)