Nadia S.
—You have a PHP application and want to keep track of visitors to analyze your traffic or for customization or security purposes. How can you do this?
You can use the $_SERVER
superglobal variable with the'REMOTE_ADDR'
key to get the IP address making the request to your application’s server. For example:
// get the immediate IP address echo 'Client IP making the request: ' . $_SERVER['REMOTE_ADDR'];
As we are running a local server, the IP address making the request is ::1
, which is the same as the IPv4 127.0.0.1
localhost IP address. For example:
Client IP making the request: ::1
It’s crucial to remember that client IP addresses are easy to manipulate. There’s no guarantee that any IP addresses you get using this method are accurate. However, the information is still valuable for analyzing traffic to your application.
If a request to your application comes via a proxy server (like a VPN) or load balancer, the IP address making the request will differ from the original IP address.
You can use the $_SERVER
superglobal variable with the 'HTTP_X_FORWARDED_FOR'
keys to get the IP addresses of the last proxy and the original requestor.
To prevent an Undefined array key
error, we use an if statement and first check that the 'HTTP_X_FORWARDED_FOR'
value is present before echoing it out. For example:
// get the original IP address if (!empty($_SERVER['HTTP_X_FORWARDED_FOR'])) { echo 'Forwarding IP: ' . $_SERVER['HTTP_X_FORWARDED_FOR']; } else { echo 'No forwarding IP address(es) available'; }
If the request does not come from a proxy server, the output is:
No forwarding IP address(es) available
Note that, even if there is no value for the $_SERVER['HTTP_X_FORWARDED_FOR']
expression, the request might still have come from a proxy server or load balancer. Certain configurations and network settings could omit or strip information about the forwarding IP addresses. There could also be numerous forwarding IP addresses, in which case the 'HTTP_X_FORWARDED_FOR'
value will contain several comma-separated IP addresses.
It’s a good idea to record both the most recent and original client IP addresses to increase your chances of uniquely identifying a visitor to your application or website.
You can use the $_SERVER['HTTP_CLIENT_IP']
variable to attempt to get the IP address of a shared network. However, this shared network information is not widely used in server configurations.
We use an if statement to check whether the value is present before attempting to echo it out. For example:
if (!empty($_SERVER['HTTP_CLIENT_IP'])) { echo 'Forwarded IP: ' . $_SERVER['HTTP_CLIENT_IP']; } else { echo 'No shared network IP address available'; }
Output:
No shared network IP address available
Tasty treats for web developers brought to you by Sentry. Get tips and tricks from Wes Bos and Scott Tolinski.
SEE EPISODESConsidered “not bad” by 4 million developers and more than 100,000 organizations worldwide, Sentry provides code-level observability to many of the world’s best-known companies like Disney, Peloton, Cloudflare, Eventbrite, Slack, Supercell, and Rockstar Games. Each month we process billions of exceptions from the most popular products on the internet.
Here’s a quick look at how Sentry handles your personal information (PII).
×We collect PII about people browsing our website, users of the Sentry service, prospective customers, and people who otherwise interact with us.
What if my PII is included in data sent to Sentry by a Sentry customer (e.g., someone using Sentry to monitor their app)? In this case you have to contact the Sentry customer (e.g., the maker of the app). We do not control the data that is sent to us through the Sentry service for the purposes of application monitoring.
Am I included?We may disclose your PII to the following type of recipients:
You may have the following rights related to your PII:
If you have any questions or concerns about your privacy at Sentry, please email us at compliance@sentry.io.
If you are a California resident, see our Supplemental notice.