function ip_address

7 bootstrap.inc ip_address()
6 bootstrap.inc ip_address()

If Drupal is behind a reverse proxy, we use the X-Forwarded-For header instead of $_SERVER['REMOTE_ADDR'], which would be the IP address of the proxy server, and not the client's.

Return value

IP address of client machine, adjusted for reverse proxy.

13 calls to ip_address()
comment_save in modules/comment/comment.module
Accepts a submission of new or changed comment content.
drupal_anonymous_user in includes/bootstrap.inc
Generates a default anonymous $user object.
flood_is_allowed in includes/common.inc
Check if the current visitor (hostname/IP) is allowed to proceed with the specified event.
flood_register_event in includes/common.inc
Register an event for the current visitor (hostname/IP) to the flood control mechanism.
openid_verify_assertion_nonce in modules/openid/openid.module
Verify that the nonce has not been used in earlier assertions from the same OpenID provider.

... See full list

File

includes/bootstrap.inc, line 1317
Functions that need to be loaded on every Drupal request.

Code

function ip_address() {
  static $ip_address = NULL;

  if (!isset($ip_address)) {
    $ip_address = $_SERVER['REMOTE_ADDR'];
    if (variable_get('reverse_proxy', 0) && array_key_exists('HTTP_X_FORWARDED_FOR', $_SERVER)) {
      // If an array of known reverse proxy IPs is provided, then trust
      // the XFF header if request really comes from one of them.
      $reverse_proxy_addresses = variable_get('reverse_proxy_addresses', array());
      if (!empty($reverse_proxy_addresses) && in_array($ip_address, $reverse_proxy_addresses, TRUE)) {
        // If there are several arguments, we need to check the most
        // recently added one, i.e. the last one.
        $ip_address_parts = explode(',', $_SERVER['HTTP_X_FORWARDED_FOR']);
        $ip_address = array_pop($ip_address_parts);
      }
    }
  }

  return $ip_address;
}

Comments

Posted by robpeek on

Our proxy redirects a request to itself on a different port, for load balancing benefits, hence the last added ip is 127.0.0.1

The code below provides a answer to this problem, although you have to be careful when updating your install.

function ip_address() {
  static $ip_address = NULL;

  if (!isset($ip_address)) {
    $ip_address = $_SERVER['REMOTE_ADDR'];
    if (variable_get('reverse_proxy', 0) && array_key_exists('HTTP_X_FORWARDED_FOR', $_SERVER)) {
      // If an array of known reverse proxy IPs is provided, then trust
      // the XFF header if request really comes from one of them.
      $reverse_proxy_addresses = variable_get('reverse_proxy_addresses', array());
      if (!empty($reverse_proxy_addresses) && in_array($ip_address, $reverse_proxy_addresses, TRUE)) {
        // If there are several arguments, we need to check the most
        // recently added one, i.e. the last one.
        $ip_list = array_map('trim', explode(',', $_SERVER['HTTP_X_FORWARDED_FOR']));
        $ip_address = array_pop($ip_list);
while(in_array($ip_address, $reverse_proxy_addresses)){
  $ip_address = trim(array_pop($ip_list));
  }
      }
    }
  }

  return $ip_address;
}

Posted by mikeytown2 on

Make sure to link to the issue
http://drupal.org/node/705718

Posted by EvanDonovan on

D6 issue currently awaiting testing is: http://drupal.org/node/621748.