How to Access Real Visitor IP Addresses When Using CloudFlare?

Accessing Real Visitor IP Addresses with CloudFlare

Web applications often rely on $_SERVER['REMOTE_ADDR'] to track and log the IP addresses of users visiting their websites. However, when using CloudFlare for caching and protection, the received IP addresses belong to CloudFlare, not the actual visitors. This poses a challenge for accurate IP address tracking in PHP.

CloudFlare's Special Variables

To address this issue, CloudFlare provides additional server variables that can be used to retrieve the real visitor IP address. These variables include:

• $_SERVER["HTTP_CF_CONNECTING_IP"]: Contains the IP address of the actual visitor.
• $_SERVER["HTTP_CF_IPCOUNTRY"]: Provides the visitor's country.
• $_SERVER["HTTP_CF_RAY"]: A unique identifier for the request.
• $_SERVER["HTTP_CF_VISITOR"]: Indicates whether the request was made via HTTP or HTTPS.

Correcting the IP Address

To retrieve the actual visitor IP address while using CloudFlare, you can use the following code:

<code class="php">if (isset($_SERVER["HTTP_CF_CONNECTING_IP"])) {
  $_SERVER['REMOTE_ADDR'] = $_SERVER["HTTP_CF_CONNECTING_IP"];
}</code>

This assigns the real visitor IP address to the $_SERVER['REMOTE_ADDR'] variable, allowing you to track and log it accurately.

Security Considerations

It's important to note that anyone with direct access to your server IP can manipulate these header values. To ensure validity, consider verifying that the $_SERVER['REMOTE_ADDR'] corresponds to a legitimate CloudFlare IP address before relying on it.

The above is the detailed content of How to Access Real Visitor IP Addresses When Using CloudFlare?. For more information, please follow other related articles on the PHP Chinese website!