[Okta Webinar] Learn how to a build a cloud-first strategyRegister Now

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 3090
  • Last Modified:

help curl headers

im trying to open a webpage with a fake ip on my own server for testing my logs in apache access.log
but it still shows my real ip in apaches logs ?


echo file_get_contents_as_mozilla("http://www.my_domains_ip_is.com"); //not a real url

function file_get_contents_as_mozilla($url) {
   // create a new curl resource
    $ch = curl_init();
    curl_setopt($ch, CURLOPT_URL, $url);
    curl_setopt($ch, CURLOPT_USERAGENT, 'Internet Explorer/6.0 (X11; U; Windows XP SP2; en-US; rv:1.7.2) Gecko/20040804');
    curl_setopt($ch, CURLOPT_HTTPHEADER, array(
        'Accept-Language: en-us,en;q=0.7,de-de;q=0.3',
        'Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5',
        'X-Forwarded-For: 78.234.34.41'));
    curl_setopt($ch, CURLOPT_RETURNTRANSFER,1);
   
    // close curl resource, and free up system resources
    curl_close($ch);

    return $page;
}


0
aot2002
Asked:
aot2002
  • 2
  • 2
2 Solutions
 
ClickCentricCommented:
Why would it be that simple to spoof the ip address?   If you really want to test something in the logs, spoof the UserAgent.  While there are ways to spoof the IP address, there's really no legitimate reason for doing so.  And if I, or anyone else, were to post on here how to do it, it would provide tons of wannabe hackers with details of how to attack websites from a spoofed IP address.
0
 
aot2002Author Commented:
ClickCentric,
its not simple thats why im asking.
there is a legitimate reason im testing a custom ip blocking program for my site security...!
i understand your unsure but lets allow someone else to answer it.

0
 
ClickCentricCommented:
Think about your logic for a moment.  The answer to your question would provide people with a means to bypass the same IP blocking you're attempting to test.  Ergo, the solution would foil your system and negate what you're trying to accomplish.  As I said, there's no legitimate reason for doing this.  If you want to test IP blocking software, ask a few friends to help out by giving you their IP address so you can set it up to block them and then see if they get through.  
0
 
aot2002Author Commented:
i found out how it was done thanks anyway i wont post it so it doesnt upset EE rules
0
 
Richard QuadlingSenior Software DeverloperCommented:
You didn't actually execute the CURL command.

You would need something like this BEFORE the curl_close($ch);

$page = curl_exec();
0

Featured Post

What does it mean to be "Always On"?

Is your cloud always on? With an Always On cloud you won't have to worry about downtime for maintenance or software application code updates, ensuring that your bottom line isn't affected.

  • 2
  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now