Invalid address in $_SERVER ['REMOTE_ADDR']

Hi!

Now I noticed that my php site incorrectly determines my IP ($_SERVER [‘REMOTE_ADDR’]). I am using nginx, which is configured according to the instructions Restoring original visitor IPs – Cloudflare Help Center . There is definitely no error in the configuration - everything worked before, the current lists of IPv4 and IPv6 addresses are taken from here https://www.cloudflare.com/ips/ . The scripts use a check for the user’s IP address and today I noticed that the check does not work. I started to understand and realized that my address for Cloudflare is defined as 193.233. x. x, which is actually not true.

Can you tell me what could have happened?

Your description is not overly clear.

  • What do you mean by “invalid address”?
  • You say your address is defined as 193.233. Do you mean your client address?

Addresses can generally contain “invalid” IPv4 addresses and that happens when the original requests came from an IPv6 address and when Cloudflare needs to pack that into an IPv4 address.

Apart from that Cloudflare will simply save the actual client address in the appropriate header and your correctly set up rewrite should transfer that over to REMOTE_ADDR.

If that is not happening, it might be that someone is connecting directly to your server and manually sends Cloudflare’s header and fools your server in that way. You’ll need to make sure to only accept connections from Cloudflare.

My working computer’s IPv4 address is 95.80.x.x. I, as a client, go to my website on my server - nginx defines my address as 193.233.x.x

IPv6 is not used anywhere either on the server with the site or on my computer. So it’s not about IPv6.

There are no third-party connections to deceive the server either.

A couple of weeks ago, maybe more, I logged in from the same computer, from the same IP address 95.80.x.x everything worked - my client address was determined correctly.

Mysticism…

Save this in a PHP file and post the URL here.

<?php print_r($_SERVER['REMOTE_ADDR']); ?>

$_SERVER[‘REMOTE_ADDR’] return 193.233.157.179

My real IP 95.80.x.x

You already wrote that.

Sorry https://imageup.ru/ip.php

I just checked it and it returned the correct address. This will be something local. Check if you have any VPN and scan your machine, maybe something is hijacking your traffic.

What’s the output of https://imageup.ru/cdn-cgi/trace?

1 Like

fl=87f390
h=imageup.ru
ip=193.233.157.179
ts=1631720015.487
visit_scheme=https
uag=Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
colo=DME
http=http/3
loc=RU
tls=TLSv1.3
sni=plaintext
warp=off
gateway=off

There is no VPN, there are no viruses either. If you disable the proxy in the Cloudflare settings, the IP will be correct.

Very strange, I’ll try to check their IP addresses at home.

That shows the same address. Your traffic is definitely routed via that address, for whatever reason.

Can you visit sitemeer.com and tell me when you did so?

That’s slightly odd.

Can you post the output of these URLs again?

https://imageup.ru/cdn-cgi/trace
https://cloudflare.com/cdn-cgi/trace
https://playingwith.cf/cdn-cgi/trace

1 url:
fl=87f105
h=imageup.ru
ip=193.233.157.179
ts=1631720899.749
visit_scheme=https
uag=Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
colo=DME
http=http/2
loc=RU
tls=TLSv1.3
sni=plaintext
warp=off
gateway=off

fl=87f261
h=cloudflare.com
ip=193.233.157.179
ts=1631720942.759
visit_scheme=https
uag=Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
colo=DME
http=http/2
loc=RU
tls=TLSv1.3
sni=plaintext
warp=off
gateway=off

fl=87f328
h=playingwith.cf
ip=193.233.157.179
ts=1631720963.498
visit_scheme=https
uag=Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
colo=DME
http=http/2
loc=RU
tls=TLSv1.3
sni=plaintext
warp=off
gateway=off

In all three cases your address was 193.233.157.179. When you visited sitemeer.com earlier, you 95.80.x.x however, though that’s still a Russian address.

You said you address is 91.20.XXX.XXX, which should be a German address, right?

I am afraid it really seems as if your traffic was routed through Russia.

What does my ip address - Google Search say?

I’m sorry, I got the address wrong. My real address is 95.80.x.x. So, everything is correct here, I am from Russia.

I ask you to hide it from your message, if possible.

Only why, the site defines my address as 193.233.157.179 - I still did not understand.

Address redacted.

1 Like

Thanks.

Google say:

95.80.x.x
Your public IP address

But https://cloudflare.com/cdn-cgi/trace gives you that 193 address again?

But https://cloudflare.com/cdn-cgi/trace gives you that 193 address again?

Yes.

I was answered in a personal message:

Thanks for letting us know. We agree there is an issue and we’re looking into it.

So we are waiting…

In that case I could only imagine that the Moscow PoP currently has some issues, though it would be odd as Sitemeer got the correct address and I assume that routed via Moscow as well.