• This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn more.

What exactly is $checkProxy in getClientIp?

TheBigK

Well-known member
#1
I'm looking at this function -

PHP:
 /**
     * Get the client's IP addres
     *
     * @param  boolean $checkProxy
     * @return string
     */
    public function getClientIp($checkProxy = true)
    {
        if ($checkProxy && $this->getServer('HTTP_CLIENT_IP') != null) {
            $ip = $this->getServer('HTTP_CLIENT_IP');
        } else if ($checkProxy && $this->getServer('HTTP_X_FORWARDED_FOR') != null) {
            $ip = $this->getServer('HTTP_X_FORWARDED_FOR');
        } else {
            $ip = $this->getServer('REMOTE_ADDR');
        }

        return $ip;
    }
I'm not sure where exactly should I look for to know what this $checkProxy is and what is it for?
 

Jeremy P

Well-known member
#3
If your site is accessed through a proxy (ie CloudFlare, or nginx as a reverse proxy for Apache), the usual $_SERVER['REMOTE_ADDR'] variable with the visitor's IP address will contain the IP address of the proxy instead.

Proxies instead forward the visitor's IP address in either the HTTP_CLIENT_IP or HTTP_X_FORWARDED_FOR headers, which must be checked separately.

The $checkProxy boolean determines whether or not to check these special headers. You don't want them checked if you are not using a proxy, as otherwise visitors could spoof their IP address by setting these headers manually themselves.
 
Last edited:

TheBigK

Well-known member
#4
If your site is accessed through a proxy (ie CloudFlare, or nginx as a reverse proxy for Apache), the usual $_SERVER['REMOTE_ADDR'] variable with the visitor's IP address will contain the IP address of the proxy instead.
Thanks a lot, Jeremy! That's exactly the information I was looking for.

@batpool52! - Yes, I did read that code in the Zend_Controller_Request_Http, but could not understand what the if loop was actually doing. The Zend Part of the game still looks like a distant galaxy to me.