Download the PHP package vectorface/whip without Composer

On this page you can find all versions of the php package vectorface/whip. It is possible to download/install these versions without Composer. Possible dependencies are resolved automatically.

FAQ

After the download, you have to make one include require_once('vendor/autoload.php');. After that you have to import the classes with use statements.

Example:
If you use only one package a project is not needed. But if you use more then one package, without a project it is not possible to import the classes with use statements.

In general, it is recommended to use always a project to download your libraries. In an application normally there is more than one library needed.
Some PHP packages are not free to download and because of that hosted in private repositories. In this case some credentials are needed to access such packages. Please use the auth.json textarea to insert credentials, if a package is coming from a private repository. You can look here for more information.

  • Some hosting areas are not accessible by a terminal or SSH. Then it is not possible to use Composer.
  • To use Composer is sometimes complicated. Especially for beginners.
  • Composer needs much resources. Sometimes they are not available on a simple webspace.
  • If you are using private repositories you don't need to share your credentials. You can set up everything on our site and then you provide a simple download link to your team member.
  • Simplify your Composer build process. Use our own command line tool to download the vendor folder as binary. This makes your build process faster and you don't need to expose your credentials for private repositories.
Please rate this library. Is it a good library?

Informations about the package whip

Whip

Build Status Code Coverage Scrutinizer Code Quality Latest Stable Version License

Whip (stands for Which Ip) is a lightweight class for returning a client's IP address in PHP.

The Problem

It may seem trivial to simply pull the client's IP address from $_SERVER['REMOTE_ADDR'] but this address is not always accurate. For example, if your web servers are behind a reverse proxy like Varnish, the IP address listed will be that of your proxy and not the client.

Many solutions propose checking multiple headers but those headers can be spoofed as well and we want to present a final solution anyone can deploy.

Installing Whip.

Simply run the following composer command:

Using Whip

Add the required use statement to your class

To fetch an IP address using every implemented method, you can simply do

The class will attempt every method to retrieve the client's IP address starting with very specific use cases and falling back to more general use cases.

Note, that the method Whip::getValidIpAddress will return false if no valid IP address could be determined, so it is important to check for errors.

To fetch an IP address using a specific method, you can pass a bitmask of enabled methods to the constructor. Here is an example of looking up the IP address using CloudFlare's custom HTTP header, and falling back to $_SERVER['REMOTE_ADDR'] otherwise.

This method works, but there is the problem that the custom HTTP header can easily be spoofed if your sites accept traffic not from CloudFlare. To prevent this, Whip allows you to specify a whitelist of IP addresses (or address ranges) that you accept per method.

Using Whip Behind a Trusted Proxy

A common use case is to deploy a trusted proxy (nginx, varnish, and many others) in front of an application server. To forward the correct client IP, the trusted proxy should be configured to inject a header for Whip to read with the custom headers method.

If the trusted proxy is configured to send a X-My-Client-IP header, Whip could be used as follows:

Using the CloudFlare IP Range Whitelist

As a common example, Whip can accept a whitelist of IP ranges for CloudFlare when using their custom header and fall back to $_SERVER['REMOTE_ADDR'] if the custom header was not found or if the source IP address does match any in the whitelist.

Please be sure to use the actual list of IP ranges from CloudFlare for IPv4 and IPv6.

List of Methods

The individual methods are stored as integer constants on the Whip class. To combine methods, use the bitwise OR operator |. The current methods are:

Please note that the proxy headers method can be susceptible to client spoofing because it extracts addresses from several possible HTTP headers. This means that using the proxy headers method is not appropriate where trust is required, like in the context of authentication.

Using a Custom Header

Whip can also allow you to specify a custom header to use. For example, you may configure your own proxy to send a unique obfuscated header internally that would be hard to spoof. In this example, we assume Varnish is run locally and we use a custom HTTP header "X-SECRET-REAL-IP" (and fall back to $_SERVER['REMOTE_ADDR'] if the custom header doesn't work).

Valid IP Ranges

For IPv4, Whip accepts three types of IP ranges:

For IPv6, Whip only accepts the CIDR bitmask notation (fc00::/7).

Furthermore, you can specify a list of exact IP addresses instead of a list of ranges.

IP Range Filtering

Whip can also be used to provide simple IP range matching. For example,

PSR-7 Requests, and Others

Whip supports using PSR-7 (http-message) request instances in place of the $_SERVER superglobal. For example,

Other request formats can be supported via a RequestAdapter (src/Request/RequestAdapter) implementation.


All versions of whip with dependencies

PHP Build Version
Package Version
Requires php Version >=8.0
psr/http-message Version ^1.0 || ^2.0
Composer command for our command line client (download client) This client runs in each environment. You don't need a specific PHP version etc. The first 20 API calls are free. Standard composer command

The package vectorface/whip contains the following files

Loading the files please wait ....