Markantonio created the topic: public static function getIP(): BUG report and Cloudflare compatibility
I was modifying the function "public static function getIP()" (which can be found inside the file "aehelper.class.php") for adding support to Cloudflare, when I found a weird bug.
First things first, Cloudflare is a service for protecting websites: since it requires webmasters to modify DNS records on the host, the traffic passes thru cloudflare, therefore the IP the host sees is not the one of the user but that of Cloudflare. To circumvent this. Cloudflare adds a HTTP header HTTP_CF_CONNECTING_IP containing the IP address of the user (I found some info on
which, anyway, is about another CMS, but that's irrelevant).
Sometimes Joomla seems to be able to fix this (the developers probably know very well what Cloudflare is), so there should be no need to take this into account, but, since it's better safe than sorry, I added a first line in the function for taking it into account.
Creating a simple info.php file will show all the variables:
michael replied the topic: public static function getIP(): BUG report and Cloudflare compatibility
I like it!
I'll have a closer look at that and see what I can do for future versions. I'm fairly certain that requesting HTTP_CF_CONNECTING_IP should be benign on systems not hosted with cloudflair, but I want to be sure before I use that.
Also, regarding HTTP_X_FORWARDED_FOR - I think it would be easier (read, less processor/memory intensive) to do something like this: