Geek Answers Handbook

Get real user IP address using codeigniter

My application tracks the IP address of users registering on the site. The tracking worked fine on a regular web server (we were on the hostgator), but it seemed to start tracking the odd IP addresses when we switched to the PaaS platform (pagodabox). After talking with pagodabox support, they informed me that the IPs encoder code collected the IP addresses of the pagodabox load balancer / routers and get the actual user IP, I would have to use HTTP_X_FORWARDED_FOR

I used the codeigniter $this->input->ip_address() input class function to restore the user's IP address. I looked at the function and noticed that they have some kind of function to return the HTTP_X_FORWARDED_FOR IP value, but I'm not sure how to use it. Do I need to change / add something to the configuration?

EDIT: after several users indicated where I should add the load balancer to the list of IP addresses, a new question arose: what should I do if the IP list changes frequently? (that is, without a static IP address, all dynamic)

+7
source share
7 answers

I'm sure you decided to do this, but I thought I would post the correct answer for future reference. I ran into the same problem (using AWS load balancers with the CodeIgniter application.) As you pointed out, it’s easy enough to get the correct IP address from the load balancer or other distributed environment using the HTTP_X_FORWARDED_FOR header. The problem is, how do we correctly implement this solution in CodeIgniter? As the previous answer follows: Write your own IP function. The problem with this is, what if ip_address () is called throughout the application? Wouldn't it be better to override this function (with the one that looks at the correct header)? CodeIgniter has a convenient mechanism for this, which is convenient:

The solution is to extend the CodeIgniter input class by creating a new class file in / application / core called MY_Input.php (MY_ is a custom prefix for extensions, you can change it in your configuration file). With the help of extensions, you can create a function for the name SAME as the original method of the class without violating anything and without editing the kernel files. CodeIgniter just uses your new method. Your extended input class will look something like this:

 class MY_Input extends CI_Input { function __construct() { parent::__construct(); } //Overide ip_address() with your own function function ip_address() { //Obtain the IP address however you'd like, you may want to do additional validation, etc.. $correct_ip_address = $_SERVER['HTTP_X_FORWARDED_FOR']; return $correct_ip_address; } }

Thus, we changed the main behavior without breaking the framework, and existing calls to ip_address () throughout the application will now use your method.

As for working with a different IP address in the chain, if you are only interested in the client IP address, it does not matter. At a minimum, with AWS load balancers, the HTTP_X_FORWARDED_FOR header always contains the correct client IP address.

+10
source

The Oliver solution works, but in some cases it is better to use the following if you know the IP addresses of the proxy server that are used. Edit the application / config / config.php file to include the following:

 $config['proxy_ips'] = '1.2.3.4, 2.3.4.5';

Also keep in mind that header information is usually unreliable and should not be used for security purposes. For example, it’s not uncommon to restrict admin users to only some white IP addresses.

+6
source 
 <?php function getIPfromXForwarded() { $ipString = @getenv("HTTP_X_FORWARDED_FOR"); $addr = explode(",",$ipString); return $addr[sizeof($addr)-1]; } ?>

Try something like that. See if this works. Using:

 <? echo getIPfromXForwarded(); ?>
+3
source

I know there is a good answer that is relevant to your question and accepted by you, but for future users I share a function that works great for me in all situations.

  public function ip() { $ipaddress = ''; if ($_SERVER['HTTP_CLIENT_IP']) $ipaddress = $_SERVER['HTTP_CLIENT_IP']; else if($_SERVER['HTTP_X_FORWARDED_FOR']) $ipaddress = $_SERVER['HTTP_X_FORWARDED_FOR']; else if($_SERVER['HTTP_X_FORWARDED']) $ipaddress = $_SERVER['HTTP_X_FORWARDED']; else if($_SERVER['HTTP_FORWARDED_FOR']) $ipaddress = $_SERVER['HTTP_FORWARDED_FOR']; else if($_SERVER['HTTP_FORWARDED']) $ipaddress = $_SERVER['HTTP_FORWARDED']; else if($_SERVER['REMOTE_ADDR']) $ipaddress = $_SERVER['REMOTE_ADDR']; else $ipaddress = 'UNKNOWN'; echo $ipaddress ; }
+2
source

I came across a version of the Thava solution that is great for situations where load balancing IPs can change (like AWS) and still use the CI configuration files. When you know that you are working for LB, you can modify config.php as follows:

 $config['proxy_ips'] = isset($_SERVER["REMOTE_ADDR"]) ? $_SERVER["REMOTE_ADDR"] : '';

Knowing that REMOTE_ADDR will always be the current LB.

Thanks to Eric Brown here https://expressionengine.com/forums/archive/topic/185751/amazon-load-balancing-and-codeigniter-configproxy_ips#925678

+2
source

I had the same situation at work, except that the IP addresses were not really “dynamic,” but the “proxy managers” and the infrastructure balancers used to change them for undisclosed reasons. Therefore, we had to agree, and we came up with a solution that sets the hook in our configuration / provisioning tool to write a configuration file somewhere (in a folder accessible to the user using our Apache / PHP).

So, I used the CI hook to read this file in the system bootstrap to change the configuration of my applications by updating values ​​such as a list of proxy IP addresses, cache path, cookie domain, etc.

+1
source

In your case, you can add the specified Load-Balancer IP address to $config['proxy_ips'] ( application/config/config.php ), for example:

 $config['proxy_ips'] = ['192.168.1.2'];

Dynamic IP Proxy:

According to your dynamic IP issue, you can mask the IP range for the Load-Balancer network, for example:

  $config['proxy_ips'] = '192.168.1.0/24';

Mask function works in Codeigniter 3

Get the IP method:

 $this->input->ip_address();

So far, $this refers to a CI instance.

This method takes into account the parameter $ config ['proxy_ips'] and returns the reported HTTP_X_FORWARDED_FOR, HTTP_CLIENT_IP, HTTP_X_CLIENT_IP or HTTP_X_CLUSTER_CLIENT_IP addresses for resolved IP addresses.

+1
source

More articles:


All Articles