How to get exit node ip in PHP app running on tor/lighttpd


I'm having trouble getting the IP address of the exit node that hits my hidden service (PHP). No matter what I try, it comes back as local (127.0.0.1), as if it's going through a proxy.

I have Tor configured like this:

HiddenServicePort 80 127.0.0.1:9028

and Lighty like this:

server.port = 9028

which means the hit against the hidden service should arrive through Tor on virtual port 80, get directed to 9028 on Lighty, and then be served to the end user.

I have privoxy installed too, but I don't believe it has anything to do with Tor hidden services (I've confirmed this through the privoxy debug logs).

I've tried code like this:

if (!empty($_SERVER['HTTP_CLIENT_IP'])) {
    return $_SERVER['HTTP_CLIENT_IP'];
} else if (!empty($_SERVER['HTTP_X_FORWARDED_FOR'])) {
    return $_SERVER['HTTP_X_FORWARDED_FOR'];
}
return $_SERVER['REMOTE_ADDR'];

but the headers don't include any forwarding IP information.

What am I missing? Why can't Lighty see the exit node IP address? Is there a way I could configure a proxy in there somewhere that could alter the headers and inject the X-FORWARDED header? I don't care to look up the exit node in the public database - I just want the IP address.

2

There are 2 answers

2
james-see On

You need to check more server vars than that. I would do something like this:

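// Take the first server variable that is set and is not the loopback address.
$ipaddress = '';
if (!empty($_SERVER['HTTP_CLIENT_IP']) && $_SERVER['HTTP_CLIENT_IP'] != '127.0.0.1')
    $ipaddress = $_SERVER['HTTP_CLIENT_IP'];
else if (!empty($_SERVER['HTTP_X_FORWARDED_FOR']) && $_SERVER['HTTP_X_FORWARDED_FOR'] != '127.0.0.1')
    $ipaddress = $_SERVER['HTTP_X_FORWARDED_FOR'];
else if (!empty($_SERVER['HTTP_X_FORWARDED']) && $_SERVER['HTTP_X_FORWARDED'] != '127.0.0.1')
    $ipaddress = $_SERVER['HTTP_X_FORWARDED'];
else if (!empty($_SERVER['HTTP_FORWARDED_FOR']) && $_SERVER['HTTP_FORWARDED_FOR'] != '127.0.0.1')
    $ipaddress = $_SERVER['HTTP_FORWARDED_FOR'];
else if (!empty($_SERVER['HTTP_FORWARDED']) && $_SERVER['HTTP_FORWARDED'] != '127.0.0.1')
    $ipaddress = $_SERVER['HTTP_FORWARDED'];
else if (!empty($_SERVER['REMOTE_ADDR']) && $_SERVER['REMOTE_ADDR'] != '127.0.0.1')
    $ipaddress = $_SERVER['REMOTE_ADDR'];
else
    $ipaddress = 'UNKNOWN';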

Hopefully that helps.

0
drew010 On

The reason it sees 127.0.0.1 is that when hidden services are in use, there is no "exit node" in the traditional sense.

Exit nodes are used to route traffic in and out of the Tor network. Since hits to your hidden service are coming from inside the Tor network, no exit node is actually used. Instead, when the Tor client wants to access your hidden service, it builds a circuit to the service and the connection takes place over the Tor network, to your local Tor client, which then proxies the connection (over 127.0.0.1) to your web server.

The only time your hidden service will see an exit node IP is if your hidden service is available over Tor (.onion) and through the internet.

For example you can host your website publicly as usual (e.g. https://torsite.yourdomain.com) so regular & Tor clients (using exit nodes) can access your site. Additionally you can set up your local Tor node to proxy the hidden service (in which case access is strictly within the Tor network) and proxied through localhost.

Since it sounds like you are only hosting a hidden service, all hits from the Tor network will show up as 127.0.0.1, thus indicating they are accessing the service over Tor. Since Tor simply proxies the connection from the network to your local service, no circuit or Tor relay information is passed to lighttpd.

Hope that makes sense.

See also: https://www.torproject.org/docs/hidden-services.html.en
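
Added example, not code from the question or from either answer: following the explanation above, it classifies a request as onion or direct from the TCP peer and listener port, and records forwarding headers without trusting them, because Tor relays the HTTP stream unchanged and any such header on a hidden service was sent by the client itself. Port 9028 comes from the question; the function names, constant names and sample requests are assumptions made for illustration.

```php
<?php
// Assumption: Tor forwards onion traffic to 127.0.0.1:9028, as in the
// question's HiddenServicePort line, and SERVER_PORT reports that listener.
const ONION_BACKEND_PORT = 9028;

// Request headers a client can set to any value it likes.
const CLIENT_SUPPLIED_IP_HEADERS = [
    'HTTP_CLIENT_IP', 'HTTP_X_FORWARDED_FOR', 'HTTP_X_FORWARDED',
    'HTTP_FORWARDED_FOR', 'HTTP_FORWARDED',
];

function is_loopback(string $ip): bool
{
    if ($ip === '::1') {
        return true;
    }
    $long = ip2long($ip);                       // false for non-IPv4 input
    return $long !== false && ($long >> 24) === 127;   // 127.0.0.0/8
}

function classify_request(array $server): array
{
    $peer = $server['REMOTE_ADDR'] ?? '';
    $port = (int) ($server['SERVER_PORT'] ?? 0);

    // Keep forwarding headers for logging only; they never decide the result.
    $ignored = [];
    foreach (CLIENT_SUPPLIED_IP_HEADERS as $name) {
        if (!empty($server[$name])) {
            $ignored[$name] = $server[$name];
        }
    }

    if (is_loopback($peer) && $port === ONION_BACKEND_PORT) {
        // Came through the local Tor daemon (or another local process on
        // this port): there is no client or relay address to report.
        return ['via' => 'onion', 'ip' => null, 'ignored_headers' => $ignored];
    }
    // Any other listener: the TCP peer, which may be a Tor exit node.
    return ['via' => 'direct', 'ip' => $peer, 'ignored_headers' => $ignored];
}

// Constructed sample requests (documentation address ranges).
$samples = [
    ['REMOTE_ADDR' => '127.0.0.1', 'SERVER_PORT' => '9028', 'HTTP_X_FORWARDED_FOR' => '203.0.113.7'],
    ['REMOTE_ADDR' => '198.51.100.23', 'SERVER_PORT' => '443'],
];
foreach ($samples as $sample) {
    echo json_encode(classify_request($sample)), PHP_EOL;
}
```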