How to get client IP address in Laravel 5+
Looking at the Laravel API:
Request::ip();
Internally, it uses the getClientIps
method from the Symfony Request Object:
public function getClientIps(){ $clientIps = array(); $ip = $this->server->get('REMOTE_ADDR'); if (!$this->isFromTrustedProxy()) { return array($ip); } if (self::$trustedHeaders[self::HEADER_FORWARDED] && $this->headers->has(self::$trustedHeaders[self::HEADER_FORWARDED])) { $forwardedHeader = $this->headers->get(self::$trustedHeaders[self::HEADER_FORWARDED]); preg_match_all('{(for)=("?\[?)([a-z0-9\.:_\-/]*)}', $forwardedHeader, $matches); $clientIps = $matches[3]; } elseif (self::$trustedHeaders[self::HEADER_CLIENT_IP] && $this->headers->has(self::$trustedHeaders[self::HEADER_CLIENT_IP])) { $clientIps = array_map('trim', explode(',', $this->headers->get(self::$trustedHeaders[self::HEADER_CLIENT_IP]))); } $clientIps[] = $ip; // Complete the IP chain with the IP the request actually came from $ip = $clientIps[0]; // Fallback to this when the client IP falls into the range of trusted proxies foreach ($clientIps as $key => $clientIp) { // Remove port (unfortunately, it does happen) if (preg_match('{((?:\d+\.){3}\d+)\:\d+}', $clientIp, $match)) { $clientIps[$key] = $clientIp = $match[1]; } if (IpUtils::checkIp($clientIp, self::$trustedProxies)) { unset($clientIps[$key]); } } // Now the IP chain contains only untrusted proxies and the client IP return $clientIps ? array_reverse($clientIps) : array($ip);}
If you are under a load balancer, Laravel's \Request::ip()
always returns the balancer's IP:
echo $request->ip(); // server ip echo \Request::ip(); // server ip echo \request()->ip(); // server ip echo $this->getIp(); //see the method below // clent ip
This custom method returns the real client ip:
public function getIp(){ foreach (array('HTTP_CLIENT_IP', 'HTTP_X_FORWARDED_FOR', 'HTTP_X_FORWARDED', 'HTTP_X_CLUSTER_CLIENT_IP', 'HTTP_FORWARDED_FOR', 'HTTP_FORWARDED', 'REMOTE_ADDR') as $key){ if (array_key_exists($key, $_SERVER) === true){ foreach (explode(',', $_SERVER[$key]) as $ip){ $ip = trim($ip); // just to be safe if (filter_var($ip, FILTER_VALIDATE_IP, FILTER_FLAG_NO_PRIV_RANGE | FILTER_FLAG_NO_RES_RANGE) !== false){ return $ip; } } } } return request()->ip(); // it will return server ip when no client ip found}
In addition to this I suggest you to be very careful using Laravel's throttle middleware: It uses Laravel's Request::ip()
as well, so all your visitors will be identified as the same user and you will hit the throttle limit very quickly. I experienced this live and this caused big issues.
To fix this:
Illuminate\Http\Request.php
public function ip() { //return $this->getClientIp(); //original method return $this->getIp(); // the above method }
You can now also use Request::ip()
, which should return the real IP in production.
Use request()->ip()
.
From what I understand, since Laravel 5 it's advised/good practice to use the global functions like:
response()->json($v);view('path.to.blade');redirect();route();cookie();
And, if anything, when using the functions instead of the static notation my IDE doesn't light up like a Christmas tree.