
As a plugin author, my plugins will be used on many different server configurations. In the case when a plugin needs to retrieve the real user IP behind a proxy, and the proxy is a known proxy such as Cloudflare, I can use a quite simple function to retrieve the IP address.

But it becomes more difficult if I don't know which proxy is in place (if one is being used at all). So the plugin needs an (almost) complete list of proxy headers to test through until the plugin retrieves a valid user IP address. Also I need to make sure the plugin tests the proxy headers in the right order. If I test for REMOTE_ADDR first, it will return a valid IP, but it will be the one of the proxy, and not the one of the user.

(I know, IP addresses can be spoofed. The goal is not to get the correct IP 100%, but as close as possible.)

Here is a list of proxy headers I was able to collect so far. I am not sure if all of them are relevant, or if the order is ideal.

Please have a look and add / remove proxy headers and optimize the order of the list:

$proxy_headers = [
    'HTTP_CF_CONNECTING_IP', // Cloudflare
    'HTTP_TRUE_CLIENT_IP', // Cloudflare Enterprise
    'HTTP_INCAP_CLIENT_IP', // Incapsula
    'HTTP_X_SUCURI_CLIENTIP', // Sucuri
    'HTTP_FASTLY_CLIENT_IP', // Fastly
    'HTTP_X_FORWARDED_FOR', // any proxy
    'HTTP_X_FORWARDED',
    'HTTP_X_CLUSTER_CLIENT_IP',
    'HTTP_FORWARDED_FOR',
    'HTTP_FORWARDED',
    'HTTP_CLIENT_IP',
    'REMOTE_ADDR'
];

If you find a documentation link to one of the proxy headers it would be great if you could add it to the list of links. Here are the ones I found.

Aleksandar
  • Not sure if this would be better posted as an answer to the linked question. It could be a useful resource on that question to help fetch the correct address. – Nigel Ren Apr 27 '21 at 06:47
  • Do you think it would make sense to mark the linked question as community wiki and then add the proxy information? – Aleksandar Apr 28 '21 at 08:29
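
The ordering concern in the question (a forwarding header versus `REMOTE_ADDR`), as an added example that is not code from the post: forwarding headers are read only when `REMOTE_ADDR` falls inside a proxy range the site operator has configured, and comma-separated lists are walked from the right. The function names, the `$trusted` range and the sample requests are assumptions made for illustration.

```php
<?php // Added example: function names and the 203.0.113.0/24 proxy range are hypothetical.
/** True if $ip lies inside any entry of $cidrs (IPv4 or IPv6; a bare address matches itself). */
function ip_in_ranges(string $ip, array $cidrs): bool
{
    $ipBin = @inet_pton($ip);
    foreach ($cidrs as $cidr) {
        [$net, $bits] = array_pad(explode('/', $cidr, 2), 2, '128');
        $netBin = @inet_pton($net);
        if ($ipBin === false || $netBin === false || strlen($ipBin) !== strlen($netBin) || !ctype_digit($bits)) {
            continue; // unparsable entry, or IPv4 compared against IPv6
        }
        $bits = min(strlen($ipBin) * 8, (int) $bits);
        // Prefix mask padded to 16 bytes; string "&" truncates to the address length.
        $mask = str_pad(str_repeat("\xFF", intdiv($bits, 8)) . chr((0xFF00 >> ($bits % 8)) & 0xFF), 16, "\0");
        if (($ipBin & $mask) === ($netBin & $mask)) {
            return true;
        }
    }
    return false;
}

/** Client IP for one request; forwarding headers count only when the TCP peer is a trusted proxy. */
function resolve_client_ip(array $server, array $headers, array $trusted): ?string
{
    $peer = filter_var($server['REMOTE_ADDR'] ?? '', FILTER_VALIDATE_IP) ?: null;
    if ($peer === null || !ip_in_ranges($peer, $trusted)) {
        return $peer; // direct connection: every forwarding header is client-supplied text
    }
    foreach ($headers as $name) {
        // Right to left: the right-most entries were appended by the trusted proxies.
        $hops = $name === 'REMOTE_ADDR' ? [] : array_reverse(explode(',', $server[$name] ?? ''));
        foreach ($hops as $hop) {
            $hop = filter_var(trim($hop), FILTER_VALIDATE_IP);
            if ($hop === false) {
                break; // not a plain IP (e.g. RFC 7239 "for=" syntax): skip this header
            }
            if (!ip_in_ranges($hop, $trusted)) {
                return $hop;
            }
        }
    }
    return $peer;
}

// Constructed sample requests using documentation address ranges.
$trusted = ['203.0.113.0/24'];
$headers = ['HTTP_CF_CONNECTING_IP', 'HTTP_X_FORWARDED_FOR', 'REMOTE_ADDR'];
$direct  = ['REMOTE_ADDR' => '198.51.100.7', 'HTTP_X_FORWARDED_FOR' => '192.0.2.1'];
$proxied = ['REMOTE_ADDR' => '203.0.113.9', 'HTTP_X_FORWARDED_FOR' => '192.0.2.1, 198.51.100.7, 203.0.113.5'];
var_dump(resolve_client_ip($direct, $headers, $trusted), resolve_client_ip($proxied, $headers, $trusted));
```

With an empty trusted list the function always returns `REMOTE_ADDR`, which is the safe default for a plugin that cannot know the server's proxy setup.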

0 Answers