Come together with the global Drupal community in Rotterdam, 28 Sept – 1 Oct 2026. Sessions, contribution, connection, and Early Bird savings until 8 June.Feature I'd like to see:
Not all web hosts determine the IP address the same way. Some use REMOTE_ADDR, some use HTTP_X_CLUSTER_CLIENT_IP, etc.
I'm proposing a hook for over-riding the default ip_address api call, so small modules could be written to provide this information without having to hack it into the core, in the event of a different IP addressing scheme..
-Myke
Comments
Comment #1
dave reidWhat's wrong with the current implementation? It provides support for both REMOTE_ADDR, HTTP_X_CLUSTER_CLIENT_IP and HTTP_X_FORWARDED_FOR.
Comment #2
myke commentedThere are other situations where the IP address could end up in a variable besides those.
HTTP_CLIENT_IP is one of them.. (Some proxies use that one..)
But yes, I do love the Drupal 7 implementation so far, I just wish it had a hook so it could be overridden..
-Myke
Comment #3
damien tournoud commentedA hook probably won't fly here (ip_address() has to be callable early in the bootstrap process), but we could define an override function, like drupal_mail_wrapper().
Comment #4
myke commented(Hadn't thought about that aspect of it.. =) ) an override function would be good.. For those instances where things need to be customized a little..
-Myke
Comment #5
markus_petrux commentedIf you're under an environment that is not supported, for whatever reason, one thing you can do is override REMOTE_ADDR from settings.php ;-)
Comment #6
damien tournoud commented@markus_petrux: right.
Maybe that should be documented somewhere?
Comment #7
myke commentedHow exactly is this done?
-Myke
Comment #8
markus_petrux commentedIn example, I implemented what ip_address() does since Drupal 6, for a Drupal 5 based site, just adding code at the bottom of my settings.php.
If you're behind a cluster that uses the X-Cluster-Client-Ip header, you can do something similar. But please, don't forget to check $_SERVER['REMOTE_ADDR'] against a whitelist of addresses, otherwise if someone spoofs the header and accesses the site directly (bypassing the cluster), it can make the site see any IP address!
See comment #14 here:
http://drupal.org/node/258397#comment-1089311
Comment #9
markus_petrux commentedhmm... maybe I was not clear enough on how it can be done.
settings.php is invoked from conf_init() which happens on the first phase of Drupal bootstrap, and just after PHP superglobals have been sanitized. This is also before ip_address() is used.
Since ip_address() reads the contents of $_SERVER['REMOTE_ADDR'] to obtain the client IP address, you have the chance to include code in your settings.php script to override the value of $_SERVER['REMOTE_ADDR'] with whatever you may need. So you can validate the X-Cluster-Client-Ip header and use that value to set $_SERVER['REMOTE_ADDR'] that is what ip_address() will see later.
Comment #10
dave reidSounds like this is a won't fix then.