Home > Mobile >  Get client IP address behind proxy server Angular
Get client IP address behind proxy server Angular

Time:01-03

We have a requirement in angular where we need to capture the IP address of the client. I have gone through multiple options many of them is using following URL to get the client public IP address.

"https://api.ipify.org?format=json"

My point is how to get the client actual IP address behind proxy server like in asp.net we have server variable ("HTTP_X_FORWARDED_FOR") that keeps the track of the original IP address from where the request is originated.

Is there any alternate in angular for this?

CodePudding user response:

You can't get the actual IP address. Not if someone wants to hide it. Btw "behind routers" is meaningless, because behind routers you have local networks with local addresses. There's nothing you can use such address for.

Proxies, VPNs, Tor network, they all exist to make retrieving source IP address extremely difficult. While some people claim it is possible for example to monitor Tor endpoints and correlate requests to actually determine the real IP, I doubt you or me would be able to this. Plus I really doubt such claims, there were lots of false rumours about Tor being broken.

You mentioned X-Forwarded-For header, so let me explain how things work over the internet. Because there's some misunderstanding. Here's how a simple communication between client and server works:

CM --> P1 --> P2 --> P3 --|--> RP1 --> RP2 --> FS

where:

  • CM = Client Machine
  • P1, P2, P3 = Proxies, routers, NATs, all of the weird internet stuff that you (the developer of some app) has no control over
  • RP1, RP2 = Reverse proxies, the same as above, except you (the developer of some app) has full control over. You created those servers. These can be for example HAProxy load balancer connected to nginx
  • FS = Final Server, the machine that actually catches the request, interprets it and handles it

The | separates things that you have full control over from those that you have no control at all. Of course the number of servers/proxies/routers/nodes varies, it is just an example.

Typically when FS wants to know the IP of the client, it cannot simply read it from the transport protocol (e.g. TCP), because it will point to RP2 IP. So people invented X-Forwarded-For (in case the entire communication goes over HTTP). RP1 stores the clients ip in X-Forwarded-For header, and pushes it to RP2. RP2 takes that header and pushes it to FS. And finally FS can read that header to discover the "real" client's IP. They can do this, because they have full control over RP servers. They can't do this for P servers of course.

So what exactly is the "real" IP here? What exactly FS reads? It is the IP of P3. And that's all we can get. We will never know the chain of proxies behind P3. From the servers perspective the chain looks like this:

... Client --|--> RP1 --> RP2 --> FS

And there's not much we can do about it. Unless you do some very sophisticated monitoring and data analysis, beyond the understanding of simple mortals like us. And definitely not in real time.

That being said, there might be some P servers that actually expose the real IP through X-Forwarded-For header. But (1) this is probably rare (Tor doesn't do this, probably no VPN does this), (2) you shouldn't rely on it (easy to forge such information) and (3) you will actually need a server that properly handles this, you won't do this only on frontend side by calling a random internet URL.

All in all: from your perspective (frontend developer), calling the mentioned URL to get public IP is the best you can do.

Side Note: note that this works both ways. Clients don't know the address of FS. They only know the address of RP1, and that is the server for them.

  • Related