I'm trying to get the visitor's country code from Cloudflare through the header HTTP_CF_IPCOUNTRY.
When I use this, I receive the correct country code I am visiting the site from, although this code can change at times.
For example; my country code is supposed to be LK which is shown correctly throughout my site for majority of a session, but sometimes if I navigate to a subpage, open the site in incognito / different browser, change network connections or view from another machine, the code may change, sometimes I get a different code for each page I visit.
There is no pattern to the country code changing hence why I use the word "sometimes" and seems to be random.
I'm not using any proxies or VPNs on top of my internet connection, and my IP remains the same whenever the issue arises.
Does anyone have to faintest idea as to why these codes might be changing?
The entire technical foundation for geolocation-by-IP is fairly weak and not a precise science. It's just based on large data accumulations, and all large data accumulations have some margin of error. It's entirely possible you're on an ISP which may sometimes route requests through one IP internally and sometimes through another, and that one IP is associated with one country but the other happens to be associated with another country in that large database, rightly or wrongly. Or any number of other factors why CloudFlare may see your request coming from one IP or another at times, and/or why that IP may be listed as one country or another in their database. Maybe the IP changed recently, and that updated database hasn't been rolled out to all of CloudFlare's edge servers yet, and sometimes you're hitting a server with an outdated geo-IP database.
You've just found an edge case that flipflops becauseā¦ reasons.
Related
We are in a business where we need to block visitors from certain areas or countries. We want to show 403 error page when visitors comes from that certain areas.
Now what we can do is, on every request, get the visitors IP address and get the country name for that IP using any third-party services like Telize or ipapi.co and if it from that country, stop and show the error page.
But the problem is, it will check for all others visitors and if we do a curl on every request, it will definitely slow down our website.
Is there any way we can get the country name from IP address without using any third-party service or curl request or anything that will not slow down our website?
We are using PHP & Symfony 3 framework on a VPS, and speed and performance are very important for us, in case it helps you.
At this moment we want to block visitors from Cameroon, is there any range of IP is assigned for Cameroon?
You can use the Maxmind GeoIP library for php.
The idea is that you download a database (which is just a file) containing geographical information for all the IPs in the world. Since the database is on your server, and you call it using the library, it won't slow down your server. Actually, getting the country code from an IP is so fast the performance impact will be negligible.
The database is updated regularly, so you can periodically re-download it to stay up-to-date. You can get details about the downloadable databases here.
You may generate the htaccess deny file for Cameroon IP ranges at https://www.ip2location.com/free/visitor-blocker, and block them at htaccess level, which will be much faster.
I have created a Business Management System which is to be used by retailers with or without multiple sites.
It is important that a logged in user identifies his/her location, or site, so that the system can perform site related tasks automatically.
I currently have a database of locations which includes an IP Prefix field, when the user goes to the log in page it looks for the first 5 digits of the current IP address, then:
If start of current IP matches a stored record it assumes user is at
that site.
If no IP matches then it asks the user which site they're in and asks them to update the IP.
This basic, and manual check works when the sites are a fair distance away or are on different ISPs for certain, the update is usually only required after a router restart and I've been using the system myself for about 4 years with no issues... BUT... I am not confident with it, so my question is; is there a better solution?
I realise the IP address is probably not the way as the best that gives me is the location of their ISP, but that's not what I need.
In case it matters I am using ASP.NET coding in VB
Also, should mention, I'm looking for desktop based application, not mobile.
I think you are going to have to rely on user input for this one. It's impossible (or at least, very very difficult) to know whether a user is using a proxy or not, and if they are you have no way of knowing where they really are. This is right and proper; would you trust every website you access with that kind of information? I sure as hell wouldn't.
You can't use the IP address to give you 100% reliable location data if your clients connect over the internet (they could be going through a proxy or as you said you might just get the ISP's IP address)
Your best bet is to use javascript to get the users geolocation: W3 Schools Example
More complex example on html5demos
No, of course it is not possible to reliably locate an user by IP Adress.
That adress can be faked, so the base of your info is not reliable.
I am building a service which requires me to dynamically launch and close servers at many locations around the world, (for example using AWS). When a user visits my domain they need to be assigned to a local server with the lowest latency.
By assignment, I mean that for example the client makes an ajax call to example.com/getData, it should go directly to one particular server that is has been assigned to. Different servers will be doing different computation, so it is not sufficient to have some kind of general load balancing.
What general mechanisms/technology would allow me to 1) Assess the latency between a particular client and any server under my control? 2) Assign a particular client to a particular server? I cannot use just the IP addresses for example, since javascript has domain name based restrictions.
Thanks
Note: I do not have enough reputation to link all the technologies in the response, therefore sometimes you will see the links copied in plain text.
1) Assign users to a local server with the lowest latency is not always possible.
Sometimes the geographically closest server to a user is unexpectedly the one with the highest latency.
To find the lowest latency between your (running) servers and the users is not an easy task.
There might be many different hops (routers) between the client and the server, and any of them at any time can have problems, routes update, packet congestions and so on.
The quickest way to assess the latency is a ping, but it can be that the firewalls block this.
So the best way to achieve this is to use the anycast
All the major CDN providers implement this method. Some use the TCP anycast, which seems to be not recommended, and others UDP anycast. It is an open debate.
Anyway in order to implement anycast you need to be able to peer with the ISP routers, and normally this is not possible. Additionally there are good peers and bad peers.
Finally All this requires a deep knowledge of the routing protocols and the TCP/IP stack.
A quick and dirty solution could be to use BIND with the GEO-IP patch.
So you can define specific dns query responses per country.
What I mean is that, for instance, if you have a server in UK and one in US you can configure BIND to respond to users coming from europe to hit the UK server and users coming from US to hit the US server.
2) To assign a particular client to a particular server you can use the technique I described on the point 1 or you can use a proxy and sticky sessions.
HA-Proxy is a good product to achieve this. (the URL: xy.1wt.eu )
3) if you use the point 1, you will not have problems with cross domain ajax calls. In fact it is completely transparant for the client. For instance for the same domain example.com a user coming from US will resolve it to 1.1.1.1 whereas a user coming from Germany will resolve example.com to 2.2.2.2 (ip addresses are fake and used just as an example).
On a side note, a solution to do cross domain ajax call is JSON-P which has though some drawbacks, like the lack of support for POST.
If I were you I would go with the BIND and GEO-IP, because it would solve all three problems in once. (a part for the latency because is not always true that the geographically closest server is the one with the lowest latency.)
If a person clears their cookies and changes their IP address, is there ANY way for a website to identify that computer as a computer that has "been here before"? In other words, no identifiable information like MAC can ever be known over HTTP, right? (I've looked through the list of headers and only see cookies and user-agent).
Also - same goes for a mobile device. If the mobile clears cookies, is there any way to identify it as a repeat visitor?
Thanks!
Chad
If you look at a site such as browserspy, you will see that a website can find out quite a bit more from a browser then the stuff you see just by looking at your request headers. And security researchers have done some investigation of the idea of uniquely identifying a browser based on those characteristics (e.g. what plugins you have installed, what fonts you have installed, etc.). But nothing like this is truly reliable (for one thing, much of this will change simply by switching to a different browser on the same computer). There is certainly no "official" unique identifier such as a MAC address.
Not at the application level. As you correctly determined, the user can change everything that is sent in an HTTP request.
As for the MAC address, the MAC address is used in the link level of the internet protocol. It is not transmitted along multiple hops when making any sort of internet communication, thus unless you are 1 hop away from the client, you cannot use this information either.
Bottom line, can't really be done. If someone really wants to be forgotten, then they will be forgotten.
There are other ways to identify individual users without cookies -- based on a variety of information leaked by the browser and associated plugins. Check out Panopticlick for an example. It's probably not as effective with mobile browsers because (as far as I know) they don't have plugins like desktop browsers.
As others have said, no, there's nothing you can do for normal browser access.
For mobile devices (at least via WAP) there is an extra CGI parameter (the name of which escapes me) which the gateway is suposed to populate with an identifier which is unique to that mobile devices phone number - however implementations vary.
C.
If there were a (toggle-able) program available that would intercept the requests for the font-list at the O/S level, and return a bogus list, resembling a machine's list right after the O/S has been installed -- and perhaps the list could be modified slightly each time by including or excluding some randomly chosen font not from the basic list-- then a huge percentage of the identifying bits could be removed from your browser's "fingerprint", and you're no longer uniquely identified but blend in better with the herd or the flock.
I have a web service where i do different things according to where ones IP is from. I have a simple test application where i open a WebClient and makes it call the web service. I would like to be able to change the IP on the test application so that it "seems" that it comes from different countries (this will help me test goals in google analytics too) - is this possible - to change/simulate that my application is located in another country (France, Germany, Belgium, England, US, etc...)
It's possible to use a Proxy or an VPN Tunnel, but you'll need an End-Point in the country you want. But, there are also plenty of lists around the web for this.
The other answers more accurately provide a solution, but you could always fake it. Utilise your own small private network and provide a facade to handle IP locationing for DEBUG vs. PRODUCTION mode. All of this of course wouldn't trick Google ;-) but it would help solidify your application.
Sorry for possibly being redundant.
The obvious solution is to "bounce" through a proxy ser ver in each of the countries you wish to test for. I've had good luck in the past with sites such as proxy2free or publicproxyservers in the past.
Other solutions would involve running a client from a host in one of these countries, by way of a VPN / RDP / RAdmin-type session, but that implies owning assets or knowing people in these countries who would trust you with using their hosts in this fashion.
Another solution involves a bit of a program change in your application. By detection of a particular trigger (could be one of several different IPs but from the same country where you reside, could be some added parameter on the url such as &ctrytest=Spain etc.) your application would substitute the IP with one of several foreign IP (from the desired countries) at the level of the country detection logic in your code, but otherwise using the real IP from your client request to actually serve the application.
You probably realize it based on the previous answers, but just to be sure: IP addresses are not a certain indicator of the country a user is in. For example, I once worked in the US for a UK-based company, and we used IP addresses allocated to a UK-based ISP.
Ultrasurf may help: http://ultrasurf.en.softonic.com/
I don't think you can specify though, exactly where in the world your request is sent from.