How to Spoof Your IP Address to Test Geolocation

Post by on March 1, 2013

Have you ever wanted to test the behavior of a web application based on a specific IP address? The difficult part of doing that is you are required to make the request from that location (physically or virtually), unless you use a spoofing method. The following method I describe involves changing the IP of the loopback interface and will be from the perspective of testing a web application running on Apache on your local computer.

Before beginning, I want to say thank you to whoever made the post on StackOverflow which gave me this idea.

1. Change the loopback interface's IP address

To give some context, unix systems have a loopback network on the IP range By default, the loopback interface's IP address is set to and the hostname "localhost" is set in your hosts file (i.e. /etc/hosts) to point to If you have setup Apache for development on your local machine you are likely aware of this.

However, what we do here is change it from to an IP out in the "real world". For example, if you want to set your IP to one of Facebook's IP addresses, do the following:

$ sudo ifconfig lo0

Keep in mind that your loopback interface may be different than "lo0". To find out, run:

$ ifconfig
lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> mtu 16384
 inet6 fe80::1%lo0 prefixlen 64 scopeid 0x1 
 inet netmask 0xff000000 
 inet6 ::1 prefixlen 128

You can see that mine is "lo0".

2. Update the hosts file

Next, we need to update the hosts file so that "localhost" points to this new IP address, since it is no longer (It is worth noting that you will need to change any other hostname pointing to as well.) To do this, open up your hosts file (most likely) in /etc/hosts and change "" to our new IP address: localhost

3. Update the applications

a. Apache

You will need to change your vhosts to be either "*:80" or "".

b. MySQL

You will need to make sure any MySQL users (i.e. the MySQL user used by your web application) are specified with the host "%" or "". (At the moment, I don't recall if "localhost" works; if MySQL does a lookup for "localhost" it should find our new IP, but if it is hard coded to somewhere then it won't work.)

Now, when you go to http://localhost/ in your browser you should be able to see your webpage as normal, but from the perspective the our IP address. This can be very handy if you are testing geo-specific behaviors or for accuracy with a geolocation tool like MaxMind's mod_geoip2 module.

Older Posts »