I'm developing an application where it seems likely that people will attempt to hide what their client IP address is behind a proxy server.
Is there a unified way to get what the actual client IP Address is behind the proxy? Looking at the Ruby docs, it explicitly states that
request.remote_ip
and
request.remote_addr
both would return the proxy address and not the actual client IP and I'm thrown by the "may contain" descriptions in the rest of the HTTP headers.
It depends if the proxy supports X-Forwarded-For. I'd run some tests to be sure that remote_ip isn't what you're looking for - based on a quick glance at the code it attempts to read the HTTP_X_FORWARDED_FOR header.
I'm typing this from a machine that's behind a proxy. I'm not "hiding", it's how my organisation (and most others large enough to have a server) works. I don't have a fixed IP address: it's allocated dynamically. So I can't see how knowing my "current" IP address is going to help, since it'll be different tomorrow. Heck, I may be connected via a different proxy tomorrow (I work for a large organisation)!
At home, I have several machines connected through a router. Again, I don't have a fixed IP address: it's allocated dynamically by my ISP. It's a large ISP, so there's probably a proxy server somewhere upstream.
So I think what you want is not technically possible. What kind of application would make it "likely that people will attempt to hide what their client IP address is" anyway? What problem are you trying to solve?
Related
Lets say I use DNS to configure ftp.mysite.com to my site's IP, I want to give clients the credentials to use the ftp site. Can I give them the URL (ftp.mysite.com) OR should I give then the IP directly (even though the URL points to that IP).
Am I risking compatibility issues of some sort?
Do not use an IP address, always use a domain name. A domain name is less likely to change and carries more information than an IP address.
While a domain name is indeed just an alias to an IP address, a single IP address can be used for multiple domains. This is common with virtual hostings.
In this case, an IP address may not carry enough information. This more common with HTTP, where a domain name, that is otherwise lost in domain-to-IP resolution, is provided to an HTTP server using Host: HTTP header.
FTP protocol has a similar mechanics, the HOST command. But as that command was introduced relatively recently, it is actually quite rare that an FTP server relies on this. Even on shared hostings, a domain is usually included in an FTP username to allow even FTP clients, that do not (yet) support the HOST command.
See also Do the SSH or FTP protocols tell the server to which domain I am trying to connect?
there is no deference. you can give either you IP or your domain name. once people have the domain, they can get your IP very easy.
the domain can be better choice in case the IP is going to be changed.
Most FTP servers are hosted on port 21 (or 22 for SFTP).
ftp.mysite.com usually points to localhost:21 or localhost:22
So there is no difference, except for the ports.
I know in airports, for example, I've connected to their AP, and it pops up a browser window to log in on my device. Is it possible to do so with NodeMCU in lua, or even with c firmware?
This can accomplished by setting the DNS server for a connecting client [via DHCP] to a sort of DNS proxy. It doesn't need to be a fully featured DNS server, it only needs to be able to either return a static DNS answer for any host name query or forward the request to a real DNS server, to resolve host names as usual.
The static answer effectively hijacks web requests at the DNS level, by forging the DNS answer, causing all host names to resolve to the IP address of a local web server. That local web server ignores any Uri details and serves a login prompt for every request. It must also maintain a list of client MAC addresses that have authenticated.
NodeMCU does have a built-in DHCP server, as part of it's built-in WiFi AP, but running both a web and a DNS proxy in ESP8266's limited memory would be a hell of a trick. I think that two of them working cooperatively, interfaced using the SPI bus might be workable... maybe even three of them, one dedicated to maintaining the list of authenticated MACs, expiring them, etc.
Note that the only part of this I have done on an ESP 8266 is some very simple web server functionality, so it's mostly theory. If you try it I'd be very interested in hearing about it. :-)
You might want to try out CaptiveIntraweb project (https://github.com/reischle/CaptiveIntraweb) which is based on NodeMCU.
There is also thread (http://www.esp8266.com/viewtopic.php?f=32&t=3618) on ESP8266 community forum that discusses the solution details.
I'm using the Play Framework which uses http://localhost:9000 by default. I'm also trying something with Twitter and it needs to use a callback url for authentication, but Twitter won't accept http://localhost:9000 as a callback URL.
How can I configure my localhost to map to something like http://mylocal.loc, (similar as with an Apache vhost), instead of http://localhost:9000?
The problem is that the URL needed to be entered in the following format:
http://127.0.0.1:9000/twitter-callback
The above works perfectly as a Twitter callback address.
Twitter isn't trying to access localhost directly, it simply takes the above address as far as I understand, sticks it into the HTTP response header, prompting whichever browser being used to perform a straight forward 302 redirect.
The following blog post had some invaluable information in regards to this question:
http://www.tonyamoyal.com/2009/08/17/how-to-quickly-set-up-a-test-for-twitter-oauth-authentication-from-your-local-machine/
The reason that twitter can't use localhost as a callback url is because localhost is a redirect to your computers loopback interface. In other words, localhost is always the computer that you're on. In order for other computers (including twitter) to access your host, you need to use an external IP address, or a hostname.
To get your IP address, visit whatsmyip. This will tell you your external IP address (which other computers on the internet can access). If you have a static IP address, you can purchase a domain name, or get a free one from something like no-ip or dyndns to make it easier to remember and type. You'll need to point a DNS record from that domain to your IP. You'll also probably need to do some port forwarding and stuff to get it to go to your computer on port 9000, rather than your router (dependent on your network setup).
Possibly an easier option would be to obtain a free hosting/domain service whilst you're testing.
EDIT: josef's problem was not related to the absence of internet access to his local server, see his own answer for what was going on and a solution. This answer handles the case where a local server needs to be visible from the internet.
localhost, aka 127.0.0.1 is the name that on each computer points to the computer itself. So Twitter looks at itself, obviously doesn't see the service, end of story.
If your computer is connected to a local network, most likely that network is NATed and using private addresses like 192.168.x.x, 10.x.x.x or 172.16x.x.x. These addresses are private (not known outside of the local network because not routed on the internet), so that doesn't help you either.
What remains is your public IP address, ie the address your router gets from your ISP. Via DNS you can map that address to a name, a free service that allows you to map a fixed name also to a variable address is DynDNS.
But wait, there is more! Your router protects your network by not allowing traffic originating OUTSIDE the private network IN, unless you define some forwarding rule in the router, in your case a rule that forwards incoming tcp traffic on port 9000 to your machine's port 9000.
Once all that has been taken care of, your computer will be accessible from the outside, and your callback should work.
Edit your hosts file and add the following line:
127.0.0.1 mylocal.loc
For Windows, it is located in C:\Windows\System32\drivers\etc\. On *nix, you can find it in /etc.
When I visit my Rails 2.2 app on my remote server I receive the following value as my REMOTE_ADDR.
request.env['REMOTE_ADDR']: "75.184.124.93, 10.194.95.79"
What has me stumped is why there are two IPs. A quick check of my currently leased public IP confirms that my IP is 75.184.124.93.
So where is 10.194.95.79 coming from?
Is there something about how remote addresses are collected and reported in the HTTP headers spec that I'm missing? Is this expected, normal behavior?
It's definitely because of a reverse proxy.
Reverse proxies (I use BigIPs and Apache mod_proxy mode often) usually append all the intervening IPs to the list so you can pick out the right ones in your code.
For example, you might want to find the public one to log to your webstats application, so there it is right in the REMOTE_ADDR. But you also have the internal IP(s) so you know which loadbalancer it came from, which internal server its on for some kind of internal network tracking, etc
I have a Ruby on Rails application running on localhost:3000. I would like to make it available world-wide, using x.x.x.x:3000 (my IP address).
I'm on Windows XP SP3.
Disable your firewall(s)
Ensure you have port forwarding for your computer enabled in your router (if present)
Thats all! ;)
The key is to run it on the internet facing network adaptor, which might already be doing. You then need to to set up port forwarding on your ADSL or cable modem, if you are behind one (or a similar NAT device). Finally, get a friend to attempt to connect to you.
You might want to use a DNS service to alias your IP address, so people don't have to type it in by hand.
If you specifically need "localhost:3000", then go for #Joe answer, but if you do not care about the URL, you can use https://ngrok.com/.
Simply download it, then run ngrok localhost:3000 in terminal.
You would probably want to ensure that you have a static IP address to start with. You can apply to your ISP for one of these.
You then want to ensure that you have adequate security in place...there are tons of books etc about hardening your server.
If you have a static IP address, you'll need to turn off your firewall and you should be able to reach your machine. (Turning off your firewall isn't really a good idea, but that's a different question.)
If you have a dynamic IP address (you probably do if you're not sure), you need to look into something called "Dynamic DNS", as this will allow our computer to have a constant name, even if the IP address changes. Note that with all the technologies at play these days, your IP address locally is usually not the same one you see publicly. This can be a bit confusing if you're not sure what's going on.
All that being said, most people would opt for some sort of external hosting. This is much better from a security standpoint. Look at heroku for rails hosting. Their free option may be exactly what you need.
If you are running Apache on Windows, there is a button in the Apache tray icon. I can not recall the name but is something like ''go live''. And of course you have to set up the firewall or port forwarding on your router.
You answered your own question. IP addresses are unique over the internet. Just type in the x.x.x.x:3000 and you're there. If you want a human-readable address like yahoo.com, look into dyndns.com or other free domain-name services.