Code Monkey home page Code Monkey logo

cf-ip-rewrite's Introduction

Cloudflare PHP IP Rewriting

This module makes it easy for developers to add rewrite Cloudflare IP Addresses for actual end-user IP Addresses at the application layer. It is recommended to either install mod_cloudflare for Apache or use nginx rewrite rules (https://support.cloudflare.com/hc/en-us/articles/200170706-Does-CloudFlare-have-an-IP-module-for-Nginx-) if possible.

For those cases, where the IP can not be guaranteed to be rewritten by one of these alternate means, this module can be used to rewrite the IP address.

How it works

    $ipRewrite = new CloudFlare\IpRewrite();
    $is_cf = $ipRewrite->isCloudFlare();
    $rewritten_ip = $ipRewrite->getRewrittenIP();
    $original_ip = $ipRewrite->getOriginalIP();

The class exposes three methods for interaction and a constructor.

Initializing IpRewrite() object will try to rewrite the IP. If the IP is rewritten, $_SERVER["REMOTE_ADDR"] will be updated to reflect the end-user's IP address.

isCloudFlare(); returns true if the CF_CONNECTING_IP header is present in the request and the request originates from a Cloudflare IP.

getRewrittenIP() Returns the rewritten ip address if a rewrite occurs, otherwise it will return null.

getOriginalIP() returns the saved original ip address from $_SERVER["REMOTE_ADDR"].

Best Pratice

    // Initialize object to rewrite the headers
    try {
        $ipRewrite = new CloudFlare\IpRewrite();
    } catch (RuntimeException $e) {
        // PHP configurations does not support IPv6
    }
    
    // Check if the request is from Cloudflare
    $is_cf = $ipRewrite->isCloudFlare();
    if ($is_cf) {
        // Get original or rewritten ip
        // Order does not matter
        ...
        $rewritten_ip = $ipRewrite->getRewrittenIP();
        ...
        $original_ip = $ipRewrite->getOriginalIP();
        ...
    }

Caution

Rewrite action is triggered only once in constructor. If getRewrittenIP() or getOriginalIP() is called multiple times it'll return the first result regardless if a change happened after the first call. Since rewrite action was not triggered.

To get the newest changes a new IpRewrite object should be used.

Testing this module

This module comes with a set of tests that can be run using phpunit. To run the tests, run composer install on the package and then one of the following commands:

Basic Tests

composer test

With code coverage report in coverage folder

vendor/bin/phpunit -c phpunit.xml.dist --coverage-html coverage

cf-ip-rewrite's People

Contributors

icyapril avatar jwineman avatar thellimist avatar tholu avatar xhmikosr avatar

Stargazers

avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar

Watchers

avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar

Forkers

cloudxtreme alekseykorzun tangrufus tillkruss tholu jsoref sashithacj frooter ebourgess stefanogramm isabella232 wp-forks bengs

cf-ip-rewrite's Issues

Make IP ranges accessible

It would be great if the $cf_ipv4 and $cf_ipv6 where either public static variables, or at least have a static accessor to retrieve them.

Right now the only way to get my hand on the IP ranges without having IpRewrite change my global REMOTE_ADDR is this:

$inst = (new \ReflectionClass(\Cloudflare\IpRewrite::class))->newInstanceWithoutConstructor();
$ref = new ReflectionClass($inst);
$ipv4 = $ref->getProperty('cf_ipv4');
$ipv6 = $ref->getProperty('cf_ipv6');
$ipv4->setAccessible(true);
$ipv6->setAccessible(true);

var_dump($ipv4->getValue($inst));
var_dump($ipv6->getValue($inst));

Which is rather tedious.

Usage behind load balancer

The load balancer has internal IP, so REMOTE_ADDR isn't from Cloudflare.

Something like CloudflareRemoteIPTrustedProxy in mod_cloudflare would be useful.

No need for constructor

Typically having an empty function doing nothing is considered bad practise, in this case the constructor does not need to be in the class.

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    ๐Ÿ–– Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. ๐Ÿ“Š๐Ÿ“ˆ๐ŸŽ‰

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google โค๏ธ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.