1 bootstrap.inc | ip_address() |
Returns the IP address of the client machine.
If Backdrop is behind a reverse proxy, we use the X-Forwarded-For header instead of $_SERVER['REMOTE_ADDR'], which would be the IP address of the proxy server, and not the client's. The actual header name can be configured by the reverse_proxy_header variable.
Return value
IP address of client machine, adjusted for reverse proxy and/or cluster: environments.
File
- core/
includes/ bootstrap.inc, line 3868 - Functions that need to be loaded on every Backdrop request.
Code
function ip_address() {
$ip_address = &backdrop_static(__FUNCTION__);
if (!isset($ip_address)) {
$ip_address = $_SERVER['REMOTE_ADDR'];
if (settings_get('reverse_proxy', 0)) {
$reverse_proxy_header = settings_get('reverse_proxy_header', 'HTTP_X_FORWARDED_FOR');
if (!empty($_SERVER[$reverse_proxy_header])) {
// If an array of known reverse proxy IPs is provided, then trust
// the XFF header if request really comes from one of them.
$reverse_proxy_addresses = settings_get('reverse_proxy_addresses', array());
// Turn XFF header into an array.
$forwarded = explode(',', $_SERVER[$reverse_proxy_header]);
// Trim the forwarded IPs; they may have been delimited by commas and spaces.
$forwarded = array_map('trim', $forwarded);
// Tack direct client IP onto end of forwarded array.
$forwarded[] = $ip_address;
// Eliminate all trusted IPs.
$untrusted = array_diff($forwarded, $reverse_proxy_addresses);
if (!empty($untrusted)) {
// The right-most IP is the most specific we can trust.
$ip_address = array_pop($untrusted);
}
else {
// All IP addresses in the forwarded array are configured proxy IPs
// (and thus trusted). We take the leftmost IP.
$ip_address = array_shift($forwarded);
}
}
}
}
return $ip_address;
}