$_SERVER['REMOTE_ADDR'] failing

Our website uses a php script to capture the IP address of visitors.

Starting on 19 August, this PHP code

$_SERVER[‘REMOTE_ADDR’];

started returning 10.195.xxx.xx regardless of where the visitor is located.

Has something changed at Cloudflare or my host GoDaddy?

I’m a just script kiddie, using a script created by a neighborhood teenager ten years ago.

If you want to restore the original IP behind Cloudflare with PHP, I would recommend you to implement it something like this:

if (isset($_SERVER['HTTP_CF_CONNECTING_IP']) && filter_var($_SERVER['HTTP_CF_CONNECTING_IP'], FILTER_VALIDATE_IP)) {
  $_SERVER['REMOTE_ADDR'] = $_SERVER['HTTP_CF_CONNECTING_IP'];
}

This will overwrite the $_SERVER['REMOTE_ADDR'] with $_SERVER["HTTP_CF_CONNECTING_IP"] if it exists and is a valid IP. This will then work without any other changes PHP wise, as you can continue to use $_SERVER['REMOTE_ADDR']

2 Likes

Thanks, M4rt1n!

This thread also discusses the issue: environment variables - How to get the client IP address in PHP - Stack Overflow and has similar code.

I appreciate your help.

1 Like

Well, that’s common practice :slight_smile: But I have not seen the filter_var($_SERVER['HTTP_CF_CONNECTING_IP'], FILTER_VALIDATE_IP) part in there. Which will protect against header modification, if it results in $_SERVER['HTTP_CF_CONNECTING_IP'] not containing a valid IP and therefore probably breaks the page.

2 Likes

This topic was automatically closed 3 days after the last reply. New replies are no longer allowed.