Detecting Visitor IP

coreActivity depends on getting valid and correct IP from the website visitor. But, that is not as easy as it may look like, and getting correct IP depends on several factors.

PHP $_SERVER array contains information about the server and current incoming request. When it comes to visitor IP, $_SERVER contains REMOTE_ADDR value identifying the IP address from the visitor currently viewing the website. But, that value is not always the IP of the visitor, it is the IP of the device making the connection to the website.

When the request is received by the website server, request contains number of header elements that will be added to the $_SERVER array. Many of the request header keys can be faked before reaching the website, except REMOTE_ADDR key which is the only key that is safe from tampering. If your visitor is behind proxy, or some other network interface, the real visitor IP can be set by one of the FORWARD keys (HTTP_X_FORWARDED, HTTP_X_FORWARDED_FOR, HTTP_CLIENT_IP…).

If you want to use any of the FORWARD values, you need to know that it can be completely fake value passed to the server. coreActivity will check each value to make sure it is valid IP, and if it is not valid IP, it will skip it.

coreActivity can also detect the visitor IP if your website is behind CloudFlare. If that is the case, plugin will check if the REMOTE_ADDR belongs to CloudFlare, and will than use the IP forwarded by CloudFlare.

If you want to use FORWARDED IP value, you can enable this in the plugin Settings, or via the Setup Wizard.

What is important to know:

  • Even if the FORWARDED IP values can be fake or spoofed, they are the only way to get the visitor IP for visitors behind proxies or on closed networks.
  • Plugin will never use the FORWARDED value, if that value is not real and valid IP. If the FORWARDED value is not IP, it will be skipped.
  • If the FORWARDED and REMOTE_ADDR values are not the same (and if the IP is not from CloudFlare), plugin will log REMOTE_ADDR too.
Rate this article

You are not allowed to rate this post.

Leave a Comment