What exactly is $checkProxy in getClientIp?

[TheBigK]

I'm looking at this function -

 /**
     * Get the client's IP addres
     *
     * @param  boolean $checkProxy
     * @return string
     */
    public function getClientIp($checkProxy = true)
    {
        if ($checkProxy && $this->getServer('HTTP_CLIENT_IP') != null) {
            $ip = $this->getServer('HTTP_CLIENT_IP');
        } else if ($checkProxy && $this->getServer('HTTP_X_FORWARDED_FOR') != null) {
            $ip = $this->getServer('HTTP_X_FORWARDED_FOR');
        } else {
            $ip = $this->getServer('REMOTE_ADDR');
        }

        return $ip;
    }

I'm not sure where exactly should I look for to know what this $checkProxy is and what is it for?

 

[TickTackk]

Search for:
getClientIp(true)

 

[Jeremy P]

If your site is accessed through a proxy (ie CloudFlare, or nginx as a reverse proxy for Apache), the usual $_SERVER['REMOTE_ADDR'] variable with the visitor's IP address will contain the IP address of the proxy instead.

Proxies instead forward the visitor's IP address in either the HTTP_CLIENT_IP or HTTP_X_FORWARDED_FOR headers, which must be checked separately.

The $checkProxy boolean determines whether or not to check these special headers. You don't want them checked if you are not using a proxy, as otherwise visitors could spoof their IP address by setting these headers manually themselves.

 

[TheBigK]

If your site is accessed through a proxy (ie CloudFlare, or nginx as a reverse proxy for Apache), the usual $_SERVER['REMOTE_ADDR'] variable with the visitor's IP address will contain the IP address of the proxy instead.

Thanks a lot, Jeremy! That's exactly the information I was looking for.

@batpool52! - Yes, I did read that code in the Zend_Controller_Request_Http, but could not understand what the if loop was actually doing. The Zend Part of the game still looks like a distant galaxy to me.