$_SERVER['REMOTE_HOST'] empty for some users

Question

I have activated

HostnameLookups Double

in my Apache2 configuration, so that I can store user's remote hosts and rest assured that their IP addresses are real and not spoofed.

However, I noticed that for quite a few of my 'users' (people entering a form), the $_SERVER['REMOTE_HOST'] is just empty (while for most others it is nonempty), despite the above configuration. Does this mean that these users have spoofed IP adresses, or could these still be honest and regular users? What else could explain this?

Answer 1

Not every host has a host name :)

You probably wanted to use 'REMOTE_ADDR'

Answer 2

Just use this:

if(isset($_SERVER['REMOTE_HOST'])){//check
    $ip = $_SERVER['REMOTE_HOST'];
}else{
    $ip = $_SERVER['REMOTE_ADDR'];//else assign the real IP
}
echo $ip;

Answer 3

Quote from Apache documentation:

The value Double refers to doing double-reverse DNS lookup. That is, after a reverse lookup is performed, a forward lookup is then performed on that result. At least one of the IP addresses in the forward lookup must match the original address. (In "tcpwrappers" terminology this is called PARANOID.)

I suspect that if the forward lookup doesn't match then the field is left empty.

As @avnr said, there's not always a PTR record for an IP address.

And in any case that doesn't ensure the IP is not spoofed, it just ensures that the DNS configuration of the original IP has a PTR and a A record matching.

Answer 4

Try this

$ip = getenv('REMOTE_ADDR'); instead of $_SERVER['REMOTE_ADDR'];

 getenv() is used to get the value of an environment variable in PHP
 $_SERVER is an array contains server variables created by the web server.