How to get client IP address in Laravel 5+

Looking at the Laravel API:

Request::ip();

Internally, it uses the getClientIps method from the Symfony Request Object:

public function getClientIps(){    $clientIps = array();    $ip = $this->server->get('REMOTE_ADDR');    if (!$this->isFromTrustedProxy()) {        return array($ip);    }    if (self::$trustedHeaders[self::HEADER_FORWARDED] && $this->headers->has(self::$trustedHeaders[self::HEADER_FORWARDED])) {        $forwardedHeader = $this->headers->get(self::$trustedHeaders[self::HEADER_FORWARDED]);        preg_match_all('{(for)=("?\[?)([a-z0-9\.:_\-/]*)}', $forwardedHeader, $matches);        $clientIps = $matches[3];    } elseif (self::$trustedHeaders[self::HEADER_CLIENT_IP] && $this->headers->has(self::$trustedHeaders[self::HEADER_CLIENT_IP])) {        $clientIps = array_map('trim', explode(',', $this->headers->get(self::$trustedHeaders[self::HEADER_CLIENT_IP])));    }    $clientIps[] = $ip; // Complete the IP chain with the IP the request actually came from    $ip = $clientIps[0]; // Fallback to this when the client IP falls into the range of trusted proxies    foreach ($clientIps as $key => $clientIp) {        // Remove port (unfortunately, it does happen)        if (preg_match('{((?:\d+\.){3}\d+)\:\d+}', $clientIp, $match)) {            $clientIps[$key] = $clientIp = $match[1];        }        if (IpUtils::checkIp($clientIp, self::$trustedProxies)) {            unset($clientIps[$key]);        }    }    // Now the IP chain contains only untrusted proxies and the client IP    return $clientIps ? array_reverse($clientIps) : array($ip);} 

If you are under a load balancer, Laravel's \Request::ip() always returns the balancer's IP:

            echo $request->ip();            // server ip            echo \Request::ip();            // server ip            echo \request()->ip();            // server ip            echo $this->getIp(); //see the method below            // clent ip

This custom method returns the real client ip:

public function getIp(){    foreach (array('HTTP_CLIENT_IP', 'HTTP_X_FORWARDED_FOR', 'HTTP_X_FORWARDED', 'HTTP_X_CLUSTER_CLIENT_IP', 'HTTP_FORWARDED_FOR', 'HTTP_FORWARDED', 'REMOTE_ADDR') as $key){        if (array_key_exists($key, $_SERVER) === true){            foreach (explode(',', $_SERVER[$key]) as $ip){                $ip = trim($ip); // just to be safe                if (filter_var($ip, FILTER_VALIDATE_IP, FILTER_FLAG_NO_PRIV_RANGE | FILTER_FLAG_NO_RES_RANGE) !== false){                    return $ip;                }            }        }    }    return request()->ip(); // it will return server ip when no client ip found}

In addition to this I suggest you to be very careful using Laravel's throttle middleware: It uses Laravel's Request::ip() as well, so all your visitors will be identified as the same user and you will hit the throttle limit very quickly. I experienced this live and this caused big issues.

To fix this:

Illuminate\Http\Request.php

    public function ip()    {        //return $this->getClientIp(); //original method        return $this->getIp(); // the above method    }

You can now also use Request::ip(), which should return the real IP in production.

Use request()->ip().

From what I understand, since Laravel 5 it's advised/good practice to use the global functions like:

response()->json($v);view('path.to.blade');redirect();route();cookie();

And, if anything, when using the functions instead of the static notation my IDE doesn't light up like a Christmas tree.