PHP most accurate / safe way to get real user IP address in 2017

Question

What is the most accurate way to get user\'s IP address in 2017 via PHP?

I\'ve read a lot of SO questions and answers about it, but most of answers are old and comme

Answer 1

You have to collaborate with your sysops team (or if you're wearing that hat too, you will need to do some research). The header check is used when your network infrastructure is configured in certain ways where the remote requester is one of your network appliances instead of the end user.

This sort of thing happens when your web server(s) sit behind a load balancer or firewall or other appliance that needs to interrogate the payload to properly handle it. An example is when a load balancer terminated ssl and forwards the request on to the web server without ssl. When this occurs the remote address becomes the load balancer. It also happens with firewall appliances that do the same thing.

Most instances the device will offer configuration to set a header value in the request with the original remote ip address. The header is usually what you'd expect but it can in some cases be different or even configurable.

What's more, depending on your web server configuration (apache, nginx or other) may not support or be currently configured to support certain custom headers such as the common ip header.

The point is us you will need to investigate your network configuration to ensure that the original requester's ip makes it all the way through to your application code and in what form.