Download the PHP package akrabat/ip-address-middleware without Composer

On this page you can find all versions of the php package akrabat/ip-address-middleware. It is possible to download/install these versions without Composer. Possible dependencies are resolved automatically.

FAQ

After the download, you have to make one include require_once('vendor/autoload.php');. After that you have to import the classes with use statements.

Example:
If you use only one package a project is not needed. But if you use more then one package, without a project it is not possible to import the classes with use statements.

In general, it is recommended to use always a project to download your libraries. In an application normally there is more than one library needed.
Some PHP packages are not free to download and because of that hosted in private repositories. In this case some credentials are needed to access such packages. Please use the auth.json textarea to insert credentials, if a package is coming from a private repository. You can look here for more information.

  • Some hosting areas are not accessible by a terminal or SSH. Then it is not possible to use Composer.
  • To use Composer is sometimes complicated. Especially for beginners.
  • Composer needs much resources. Sometimes they are not available on a simple webspace.
  • If you are using private repositories you don't need to share your credentials. You can set up everything on our site and then you provide a simple download link to your team member.
  • Simplify your Composer build process. Use our own command line tool to download the vendor folder as binary. This makes your build process faster and you don't need to expose your credentials for private repositories.
Please rate this library. Is it a good library?

Informations about the package ip-address-middleware

Client IP address middleware

PSR-15 Middleware that determines the client IP address and stores it as an ServerRequest attribute called ip_address. It optionally checks various common proxy headers and then falls back to $_SERVER['REMOTE_ADDR'].

Build status

Configuration

The constructor takes 4 parameters which can be used to configure this middleware.

Check proxy headers

Note that the proxy headers are only checked if the first parameter to the constructor is set to true. If it is set to false, then only $_SERVER['REMOTE_ADDR'] is used.

Trusted Proxies

If you configure to check the proxy headers (first parameter is true), you have to provide an array of trusted proxies as the second parameter. When the array is empty, the proxy headers will always be evaluated which is not recommended. If the array is not empty, it must contain strings with IP addresses (wildcard * is allowed in any given part) or networks in CIDR-notation. One of them must match the $_SERVER['REMOTE_ADDR'] variable in order to allow evaluating the proxy headers - otherwise the REMOTE_ADDR itself is returned.

Attribute name

By default, the name of the attribute is 'ip_address'. This can be changed by the third constructor parameter.

Headers to inspect

By default, this middleware checks the 'Forwarded', 'X-Forwarded-For', 'X-Forwarded', 'X-Cluster-Client-Ip' and 'Client-Ip' headers. You can replace this list with your own using the fourth constructor parameter.

If you use the nginx, set_real_ip_from directive, then you should probably set this to:

$headersToInspect = [
    'X-Real-IP',
    'Forwarded',
    'X-Forwarded-For',
    'X-Forwarded',
    'X-Cluster-Client-Ip',
    'Client-Ip',
];

If you use CloudFlare, then according to the documentation you should probably set this to:

$headersToInspect = [
    'CF-Connecting-IP',
    'True-Client-IP',
    'Forwarded',
    'X-Forwarded-For',
    'X-Forwarded',
    'X-Cluster-Client-Ip',
    'Client-Ip',
];

Security considerations

A malicious client may send any header to your proxy, including any proxy headers, containing any IP address. If your proxy simply adds another IP address to the header, an attacker can send a fake IP. Make sure to setup your proxy in a way that removes any sent (and possibly faked) headers from the original request and replaces them with correct values (i.e. the currently used REMOTE_ADDR on the proxy server).

This library cannot by design ensure you get correct and trustworthy results if your network environment isn't setup properly.

Installation

composer require akrabat/ip-address-middleware

In Mezzio, copy Mezzio/config/ip_address.global.php.dist into your Mezzio Application config/autoload directory as ip_address.global.php

Usage

In Slim 3:

In Laminas or Mezzio, add to your pipeline.php config at the correct stage, usually just before the DispatchMiddleware:

If required, update your .env file with the environmental variables found in /config/autoload/ip_address.global.php.

Testing


All versions of ip-address-middleware with dependencies

PHP Build Version
Package Version
Requires php Version ^7.2 || ^8.0
psr/http-message Version ^1.0 || ^2.0
psr/http-server-middleware Version ^1.0
psr/container Version ^1.0 || ^2.0
Composer command for our command line client (download client) This client runs in each environment. You don't need a specific PHP version etc. The first 20 API calls are free. Standard composer command

The package akrabat/ip-address-middleware contains the following files

Loading the files please wait ....