I'm trying to get the client IP as a way to save a particular user so the server knows who they are next time they visit, without having the need to login/signup for anything. This is a React front end with a NodeJS backend.
I tried my app locally and it seems to work fine. But I tried deploying it to Heroku and now I'm getting different IP addresses each time I reload. It keeps the same IP for the duration of the visit, but once I reload (refresh) the page, my IP changes..
[Method: 'POST'] [Path: '/api/posts'] [IP '::ffff:***.63.***.219']
[Method: 'POST'] [Path: '/api/posts'] [IP '::ffff:***.47.***.144']
(actual ip modified)
this is my console, as you can see the IP is completely different, and it looks nothing like my IP. I'm getting the IP from the request object (request.ip).
Why is the IP different each time on Heroku but stable on my local machine? is there another method for getting the client IP that I should be using? or is this a Heroku problem? I've looked for answers about this but I have come up empty which makes me think this is specific to Heroku.
According to the Heroku Documentation, all requests are going through a Proxy which acts mainly as a load balancer (If I have it correct in mind). You can use the custom HTTP-Headers to get the client ip address, but it is not recommended!
Additional:
For security reasons you should avoid to use the IP to identify a user, because that can cause session hijacking. Use technologies like cookies instead!
Related
I have an app running on a server where I access using the servers ip. But now I need to have a subdomain configured in order to make an external API work but I have no clue of how achieve it.
Now I access to my server using IP -> XX.XXX.XXX.XXX:3000
And I need to change it for something like -> myapp.companyname.com
You don’t, because the Internet doesn’t work that way.
You create the subdomain by configuring the DNS server for the domain to point that subdomain at the IP address.
If you want to change the port number (from the default of 80 to 3000) without putting it in the URL itself, then you need to change the Node.js program or put a proxy server in front of it.
This is indeed a notorious problem with distributed web development. Presumably your API requires you to register your own hostname in some sort of allow-list, and then checks incoming requests for matches to that allow-list. (Why? Cybercreeps.)
You need to find out the IP address of your development machine (not 127.0.0.1, that's the loopback IP and every machine has it). It's OK if your development machine's address is on a private network, like '192.168.0.20for example. Give the commandifconfigand look for the address (it'sipconfig` on Windows).
You then need to put that IP address into a DNS server.
Here's a free way to do that.
Create a FreeDNS account by visiting https://freedns.afraid.org/
Click on Subdomains.
Click the Add link.
Create a subdomain hostname under one of FreeDNS's public domains. Maybe javier.ortega.mooo.com is a good choice
Put your machine's IP address into it.
Then, use https://javier.ortega.mooo.com:3000 to hit your development machine's nodejs app.
You can pay FreeDNS to register your own domain name and use that if you prefer.
The solution I needed was modifying the file hosts from -> system32/divers/etc/hosts and adding there the configuration relative to the ip - domain relation I was lookin for.
I have built a websocket in C++ (using boost::beast).
It is going to serve a website (client) with a JSON string if requested.
When designing my setup I made a disastrous mistake: I forgot that the client web browser (that is running on a separate device from the server) will not know the IP address of the server. It will know the port that the server is listening on.
I should specify: Both (server and client) are running in a local network.
So I have two clumsy ideas to resolve this. I would be very happy to hear your input – I am sure there will be a more elegant way to fix my problem.
Send some kind of broadcast message “Very specific string” into the network. My server will know that it is been looked for and will respond with its IP, so that the connection can be established.
This post seems to indicate that this approach will not be possible.
Have the user input the (known) IP address of the device that is running the server. I would really like to avoid this last resort solution.
Unfortunately, I cannot run node.js on the device that is hosting the websocket server.
I might not be understanding the problem. Why aren't you capable of knowing the IP of the server? Is it due because it changes? Is it because it's a server you don't know?
Maybe the solution is not about finding the IP rather than knowing beforehand the server IP address.
I could recommend checking out this post to find out the IP address in your local network. If you at least know the servername of the server that could be helpful.
#E.Soria
Thank you for your answer! I was not precise enough.
The problem was, that the server is running on a device that is going to be part of our customer’s network. The customer will define the IP address for the device, which means that I need some way of getting the address of the server.
But I might have found another solution (as you might already be able to tell I am very new to networking, so this just may be wrong): I will host the website on the same device that is hosting the server and supplying the data. Then I can just establish a websocket connection through javascript like this: let socket = new WebSocket(ws://127.0.0.1:8080); and have the website read data from the server. This seems to be very straightforward and I am a little embarrassed that I did not think of this before.
I just had not really understood how the internet works :) As long as the user who wants to see the website knows where it is hosted, he/she can just connect to the website and will see anything that I put on there.
Detecting visitor IP is easy. But how about detecting DNS server ips of a visitor ?
I found this PHP function, however it finds only domain names' DNS.
dns_get_record("website.com", DNS_ANY);
Is it possible to detect visitor DNS server ?
Yes, you can, like detecting page resolution of visitors.
You need own DNS server and force user to resolve unique dns name. If user tried to resolve it then they will leaks to your DNS server own DNS server address. Next to DNS server have to share information who asked about the unique dns name to your web apps.
It's not easy, but it can be done. There's a demonstration of the approach suggested in a separate answer by Adam Dobrawy at http://ipleak.net/
To add a bit of detail, the way you can implement something like this is:
Part 1 - Set up your own DNS server on myspecialdomain.com
This DNS server needs to be custom written to log and store the incoming request and the source IP address. This storage only needs to be for a short period of time, so something like memcache might work nicely.
The DNS response should be an NXDOMAIN.
Part 2 - Your client-side code
In your Javscript make and store a large random number. Make the browser lookup .myspecialdomain.com. Load this via a JS img tag with an error handler.
In that error handler, now make a query to your server side code passing the random number.
Part 3 - Your web application (server side)
You need to implement some server side logic that takes the random string, looks it up in the datastore, and retrieves the IP address of the DNS server.
Note the IP address here will be the IP Unicast address of the particular server, it won't be an IP Anycast address like 8.8.8.8.
Here you can use GeoIP or Whois databases to determine the owner of that IP address (OpenDNS, Google etc). You can then generate a response to send to the client logic.
DNS resolution is not part of the request itself which means there is no way for the receiver of the request to know which DNS was used by the client (browser).
The DNS request happens first, as it is required to resolve the hostname to an IP address. Once this is complete, then a separate request is performed to the address in question.
The answer is NO. All the server got is a TCP connection to the visitor, that is, an [IP, Port] pair. DNS resolution depends on visitor's local configuration and can be done by a proxy.
I've currently run into an issue using Laravel Echo Server on our staging/production servers. Locally, everything works as intended, but deploying to our staging servers has been a bit of a nightmare. As it stands right now, public channels work properly, but we get an authentication error when trying to join a private channel.
I've narrowed this down to being a session issue, where the session isn't being sent along with the socket requests. This seems to be because the staging servers are routed to person.staging.website.com, but the socket server had to be setup at ws.website.com because of some complications with AWS not allowing us access to the SSL certificate to configure the echo server. So we setup a subdomain with a Lets Encrypt to get it up and running.
Now, I realize that I can just change the SESSION_DOMAIN in our .env's to be .website.com, but I'm getting some pushback since people won't be able to be logged into different subdomains at the same time. Is there any way I can set up Laravel's sessions to work with two different, specific subdomains instead of wildcarding every subdomain? For testing, I'd need to set it up at person.staging.website and ws.website.com, but production would need different values.
Any suggestions or clever work-arounds for this?
I'm building an app where the user may occasionally make a search. I'd like to run the search through google, but I'm unsure in the event I have many users if i will hit google's search quota. Any individual user will not make more than one or two searches a day on the app. But cumulatively, it could potentially be much more.
Will doing client side retrival of a google query avoid this problem and not identify my server as the origin ip?
Yes, if you do a GET request from the client, the clients IP will be the source IP
Since you are doing a GET from the client's side, the TCP/IP connection is being opened by the client. So it would be the client's IP that the site would see as the requesting IP. However if you would like the site to see your IP instead, you can re-route the request via AJAX to your server, have your server do the GET and send the results asynchronously back to the client.