1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

What exactly is $checkProxy in getClientIp?

Discussion in 'XenForo Development Discussions' started by TheBigK, Sep 2, 2015.

  1. TheBigK

    TheBigK Well-Known Member

    I'm looking at this function -

         * Get the client's IP addres
         * @param  boolean $checkProxy
         * @return string
    public function getClientIp($checkProxy true)
            if (
    $checkProxy && $this->getServer('HTTP_CLIENT_IP') != null) {
    $ip $this->getServer('HTTP_CLIENT_IP');
            } else if (
    $checkProxy && $this->getServer('HTTP_X_FORWARDED_FOR') != null) {
    $ip $this->getServer('HTTP_X_FORWARDED_FOR');
            } else {
    $ip $this->getServer('REMOTE_ADDR');

    I'm not sure where exactly should I look for to know what this $checkProxy is and what is it for?
  2. batpool52!

    batpool52! Well-Known Member

    Search for:
  3. Jeremy P

    Jeremy P Well-Known Member

    If your site is accessed through a proxy (ie CloudFlare, or nginx as a reverse proxy for Apache), the usual $_SERVER['REMOTE_ADDR'] variable with the visitor's IP address will contain the IP address of the proxy instead.

    Proxies instead forward the visitor's IP address in either the HTTP_CLIENT_IP or HTTP_X_FORWARDED_FOR headers, which must be checked separately.

    The $checkProxy boolean determines whether or not to check these special headers. You don't want them checked if you are not using a proxy, as otherwise visitors could spoof their IP address by setting these headers manually themselves.
    Last edited: Sep 2, 2015
    TheBigK likes this.
  4. TheBigK

    TheBigK Well-Known Member

    Thanks a lot, Jeremy! That's exactly the information I was looking for.

    @batpool52! - Yes, I did read that code in the Zend_Controller_Request_Http, but could not understand what the if loop was actually doing. The Zend Part of the game still looks like a distant galaxy to me.

Share This Page