Are your own IP checks (or a plugin’s) failing to correctly identify your visitors’s locations? It may be down to your specific server configuration.
With PHP, the usual practice is obtain the visitor’s IP address from the $_SERVER[‘REMOTE_ADDR’] environment variable. However; with the increased use of reverse proxy and CDNs this is not always the case e.g. if your host is using NGINX then ‘REMOTE_ADDR’ may be its IP and the visitor’s actual IP might be stored in say $_SERVER[‘HTTP_X_REAL_IP’].
You can use the following script to find out which IP environment variable(s) is used by your server for the visitor’s “actual” IP:
- Copy to file and save as “iptest.php”
- upload it to your site
- find your “browsers” IP address ( whatismyip.com
- visit the “iptest.php” page on your site
- the browser will display the information resulting for your sites IP Env Variables
<!DOCTYPE html>
<html><head></head><body>
<p>Check what <a href="https://ipinfo.io/" target = "_blank">ipinfo.io</a> says is your IP Address (opens in new tab).</p>
<p>Note: variables like "HTTP_CLIENT_IP" and "HTTP_X_FORWARDED_FOR" may not be set unless (or even if) you can find (and test via) a transparent proxy</a>.</p>
<?php
foreach (array('REMOTE_ADDR', 'HTTP_CF_CONNECTING_IP', 'HTTP_X_REAL_IP', 'HTTP_CLIENT_IP', 'HTTP_X_FORWARDED_FOR', 'HTTP_X_FORWARDED', 'HTTP_X_CLUSTER_CLIENT_IP', 'HTTP_FORWARDED_FOR', 'HTTP_FORWARDED') as $key){
echo "<hr><p><b>$key<b>: ";
if (empty($_SERVER[$key])){
echo 'is empty or not set</p>';
continue;
}
$possIP = $_SERVER[$key];
echo htmlspecialchars($possIP);
$ip = explode(',', $possIP);
if (count($ip) > 1) { // its a comma separated list of enroute IPs
echo '<br> a check of the first item indicates';
}
if (filter_var(trim($ip[0]), FILTER_VALIDATE_IP, FILTER_FLAG_NO_PRIV_RANGE | FILTER_FLAG_NO_RES_RANGE) !== false) {
echo ' <i>it appears to be a valid IP address</i>';
} else { // its either an invalid IP, localhost, or a "private" IP range
echo ' <i>it does not look like a valid IP address</i>';
}
}
?>
<hr></body></html>
Visits via transparent (non-anonymous) proxies: There is a good chance the visitors “real” IP is not contained in ‘REMOTE_ADDR’ but one of the other variables such as “HTTP_CLIENT_IP” or “HTTP_X_FORWARDED_FOR”. If you have access to a non-anonymous proxy you can configure your browser and then visit the page again to see how proxified IPs are identified.
(truly) Anonymous proxies or VPNs. You can test by visiting the page again using the free Opera browser with VPN enabled. However; this will just demonstrate that you will never be able to identify visitor’s IP only the middleman VPN or Proxy.
If you think other environment variables should be added to the above script; then make a comment below.
Credits: The use of a foreach loop for env variables is based on Alix Axel’s snippet on Stackoverflow.
Leave a Reply