2013/1/10 John Iliffe <john.ili...@iliffe.ca> > I recently made a posting on the Apache users group regarding recovering > the client IP address using the $_SESSION['REMOTE_ADDR'] function in PHP. > > I received the following caveat from another developer: > > -------------start quote-------------------- > You may want to update that. > > Since 2.4, apache makes the distinction between the the two different > REMOTE_ADDR candidates: the peer making the TCP connection, > and the client making the HTTP request. In other words, the nearest > proxy and the end-user. The latter is of course very easy to spoof, > but is nevertheless the one most applications want. > --------------end quote-------------------- > > Is there any development underway in PHP to have both of these addresses > available in the $_SESSION global variable? >
It's only semi-official, but the whole proxy chain is usually available in X-Forwarded-For. > > Regards, > > John > > -- > PHP General Mailing List (http://www.php.net/) > To unsubscribe, visit: http://www.php.net/unsub.php > > -- github.com/KingCrunch
