Quote:
Originally Posted by sarettah
I just had a conversation with another programmer (whom I respect very much). He had seen the code and suggested a couple of changes in the .php versions of the code.
When getting the IP I was simply using the server var for the remote IP ($_SERVER['REMOTE_ADDR']).
He suggested that for someone hosting with a forwarding service, such as Cloudflare, the Remote Addr var would always return Cloudflare's IP.
So to get to the real IP we have to do a little shuffling through the various server vars we have available, and the code ends up looking something like:
Code:
    $clientip = '';
    // Check the forwarding headers first, in order.
    if (isset($_SERVER['HTTP_CLIENT_IP']) && $_SERVER['HTTP_CLIENT_IP'] != "")
    {
        $clientip = addslashes($_SERVER['HTTP_CLIENT_IP']);
    }
    else if (isset($_SERVER['HTTP_X_FORWARDED_FOR']) && $_SERVER['HTTP_X_FORWARDED_FOR'] != "")
    {
        $clientip = addslashes($_SERVER['HTTP_X_FORWARDED_FOR']);
    }
    else
    {
        // No forwarding header present: use the address of the connecting peer.
        $clientip = addslashes($_SERVER['REMOTE_ADDR']);
    }
He also reminded me to always escape the server vars as a security step.
So I am changing up the 2 php demos to utilize this methodology.
Thanks to K0nr4d (https://gfy.com/members/k0nr4d/) for the advice. https://www.mechbunny.com/ is Konr4d's baby if you did not know that already.
Cloudflare has their own headers for you to substitute into your code. REMOTE_ADDR is HTTP_CF_CONNECTING_IP.
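Added example, not code from either poster: forwarding headers such as HTTP_CF_CONNECTING_IP are set by whoever sends the request, so this sketch only honours the header when REMOTE_ADDR belongs to a trusted proxy range, and validates the value with filter_var() instead of escaping it. The names TRUSTED_PROXIES, ip_in_cidr() and client_ip() are hypothetical, and the ranges and sample requests are constructed documentation addresses, not Cloudflare's published list.

```php
<?php
// Constructed placeholder ranges; replace with the ranges your proxy provider publishes.
const TRUSTED_PROXIES = ['203.0.113.0/24', '2001:db8::/32'];

// True when $ip (already validated) falls inside $cidr, for IPv4 or IPv6.
function ip_in_cidr(string $ip, string $cidr): bool
{
    [$net, $bits] = explode('/', $cidr);
    $ipBin  = inet_pton($ip);
    $netBin = inet_pton($net);
    if ($ipBin === false || $netBin === false || strlen($ipBin) !== strlen($netBin)) {
        return false; // unparsable, or address families differ
    }
    $bytes = intdiv((int) $bits, 8);
    $rem   = (int) $bits % 8;
    if (substr($ipBin, 0, $bytes) !== substr($netBin, 0, $bytes)) {
        return false;
    }
    if ($rem === 0) {
        return true;
    }
    $mask = (0xFF << (8 - $rem)) & 0xFF; // compare the remaining partial byte
    return (ord($ipBin[$bytes]) & $mask) === (ord($netBin[$bytes]) & $mask);
}

// Returns the client IP, or '' when REMOTE_ADDR itself is not a valid address.
function client_ip(array $server): string
{
    $remote = $server['REMOTE_ADDR'] ?? '';
    if (filter_var($remote, FILTER_VALIDATE_IP) === false) {
        return '';
    }
    foreach (TRUSTED_PROXIES as $cidr) {
        if (ip_in_cidr($remote, $cidr)) {
            // Direct peer is our proxy, so its header can be believed if well-formed.
            $candidate = trim($server['HTTP_CF_CONNECTING_IP'] ?? '');
            return filter_var($candidate, FILTER_VALIDATE_IP) !== false ? $candidate : $remote;
        }
    }
    return $remote; // direct connection: any forwarding header is client-supplied
}

// Constructed sample requests: a direct client sending its own header, then a proxied one.
$direct  = ['REMOTE_ADDR' => '198.51.100.7', 'HTTP_CF_CONNECTING_IP' => '127.0.0.1'];
$proxied = ['REMOTE_ADDR' => '203.0.113.10', 'HTTP_CF_CONNECTING_IP' => '198.51.100.7'];
echo client_ip($direct), "\n";
echo client_ip($proxied), "\n";
```

Because the result has passed FILTER_VALIDATE_IP it contains only address characters; when it goes into a query, bind it as a parameter rather than relying on addslashes().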