Same name and namespace in other branches
- 7.x includes/bootstrap.inc \ip_address()
If Drupal is behind a reverse proxy, we use the X-Forwarded-For header instead of $_SERVER['REMOTE_ADDR'], which would be the IP address of the proxy server, and not the client's.
Return value
IP address of client machine, adjusted for reverse proxy.
7 calls to ip_address()
- drupal_anonymous_user in includes/
bootstrap.inc - Generates a default anonymous $user object.
- flood_is_allowed in includes/
common.inc - Check if the current visitor (hostname/IP) is allowed to proceed with the specified event.
- flood_register_event in includes/
common.inc - Register an event for the current visitor (hostname/IP) to the flood control mechanism.
- sess_write in includes/
session.inc - Writes an entire session to the database (internal use only).
- statistics_exit in modules/
statistics/ statistics.module - Implementation of hook_exit().
File
- includes/
bootstrap.inc, line 1361 - Functions that need to be loaded on every Drupal request.
Code
function ip_address() {
static $ip_address = NULL;
if (!isset($ip_address)) {
$ip_address = $_SERVER['REMOTE_ADDR'];
if (variable_get('reverse_proxy', 0) && array_key_exists('HTTP_X_FORWARDED_FOR', $_SERVER)) {
// If an array of known reverse proxy IPs is provided, then trust
// the XFF header if request really comes from one of them.
$reverse_proxy_addresses = variable_get('reverse_proxy_addresses', array());
if (!empty($reverse_proxy_addresses) && in_array($ip_address, $reverse_proxy_addresses, TRUE)) {
// If there are several arguments, we need to check the most
// recently added one, i.e. the last one.
$ip_address_parts = explode(',', $_SERVER['HTTP_X_FORWARDED_FOR']);
$ip_address = array_pop($ip_address_parts);
}
}
}
return $ip_address;
}