Yii2: getUserIP() method in yii\web\Request class returns internal IP if application is hosted behind Nginx proxy

Created on 10 Aug 2016  路  3Comments  路  Source: yiisoft/yii2

What steps will reproduce the problem?

  • Host application in a server behind Nginx proxy
  • Print Yii::$app->request->userIP

    What is the expected result?

It has to print the remote IP from where the request originated

What do you get instead?

Prints internal Nginx proxy IP

Additional info

| Q | A |
| --- | --- |
| Yii version | 2.0.9 |
| PHP version | 5.6.20 |
| Operating system | Ubuntu 14.04 |

picture cyberinferno
👍1

Most helpful comment

That's by design. If you need it to return IP passed via HTTP header you should override the method. The reason is that by default HTTP-headers could be modified by user.

picture samdark on 10 Aug 2016
👍2

All 3 comments

That's by design. If you need it to return IP passed via HTTP header you should override the method. The reason is that by default HTTP-headers could be modified by user.

samdark picture samdark on 10 Aug 2016
👍2

Shouldn't there be a way to do this from the framework itself? For example, the default behaviour can be to return $_SERVER['REMOTE_ADDR'] like it is now, but also allow the programmer to pass a list of trusted headers which contain the real client IP. These header fields would then take precedence over $_SERVER['REMOTE_ADDR']

krukru picture krukru on 21 Apr 2017

@krukru this is discussed in https://github.com/yiisoft/yii2/issues/10854

cebe picture cebe on 22 Apr 2017
👍1
Was this page helpful?
0 / 5 - 0 ratings

Related issues

sahifedp picture sahifedp  路  3Comments
nokimaro picture nokimaro  路  3Comments
dbd5 picture dbd5  路  3Comments
Locustv2 picture Locustv2  路  3Comments
newscloud picture newscloud  路  3Comments