[PHP] Expansion of Apache definitions

[John Iliffe]

I recently made a posting on the Apache users group regarding recovering 
the client IP address using the $_SESSION['REMOTE_ADDR'] function in PHP.

I received the following caveat from another developer:

-start quote
You may want to update that.

Since 2.4, apache makes the distinction between the the two different
REMOTE_ADDR candidates: the peer making the TCP connection,
and the client making the HTTP request.  In other words, the nearest
proxy and the end-user.  The latter is of course very easy to spoof,
but is nevertheless the one most applications want.
--end quote

Is there any development underway in PHP to have both of these addresses 
available in the $_SESSION global variable?  

Regards,

John

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] Expansion of Apache definitions

[Sebastian Krebs]

2013/1/10 John Iliffe 

> I recently made a posting on the Apache users group regarding recovering
> the client IP address using the $_SESSION['REMOTE_ADDR'] function in PHP.
>
> I received the following caveat from another developer:
>
> -start quote
> You may want to update that.
>
> Since 2.4, apache makes the distinction between the the two different
> REMOTE_ADDR candidates: the peer making the TCP connection,
> and the client making the HTTP request.  In other words, the nearest
> proxy and the end-user.  The latter is of course very easy to spoof,
> but is nevertheless the one most applications want.
> --end quote
>
> Is there any development underway in PHP to have both of these addresses
> available in the $_SESSION global variable?
>

It's only semi-official, but the whole proxy chain is usually available in
X-Forwarded-For.


>
> Regards,
>
> John
>
> --
> PHP General Mailing List (http://www.php.net/)
> To unsubscribe, visit: http://www.php.net/unsub.php
>
>


-- 
github.com/KingCrunch