https://github.com/slamdunk/psr7-get-client-ip
https://github.com/slamdunk/psr7-get-client-ip
Last synced: over 1 year ago
JSON representation
- Host: GitHub
- URL: https://github.com/slamdunk/psr7-get-client-ip
- Owner: Slamdunk
- License: mit
- Created: 2023-08-10T12:07:34.000Z (almost 3 years ago)
- Default Branch: master
- Last Pushed: 2025-03-18T16:14:56.000Z (over 1 year ago)
- Last Synced: 2025-03-18T17:51:20.413Z (over 1 year ago)
- Language: PHP
- Size: 136 KB
- Stars: 2
- Watchers: 2
- Forks: 0
- Open Issues: 1
-
Metadata Files:
- Readme: README.md
- License: LICENSE
Awesome Lists containing this project
README
# PSR-7 Get Client Ip for both IPv4 and IPv6
[](https://packagist.org/packages/slam/psr7-get-client-ip)
[](https://packagist.org/packages/slam/psr7-get-client-ip)
[](https://github.com/Slamdunk/psr7-get-client-ip/actions/workflows/ci.yaml)
[](https://dashboard.stryker-mutator.io/reports/github.com/Slamdunk/psr7-get-client-ip/master)
## Installation
`composer require slam/psr7-get-client-ip`
## Motivation & Usage
Knowing the client's IP is needed to distinguish between bad and good actors, and take appropriate countermeasures.
In IPv4 protocol it's an easy job (or it should be https://adam-p.ca/blog/2022/03/x-forwarded-for/):
* If the actor is good, you take its IPv4 and stick its session to it, so to mitigate session hijacking.
* If the actor is bad, you ban its IPv4.
In IPv6 protocol it's a different story though: routers default implementation allow each client to choose and change
their IP within the subnet, which is at least `/64`. Rate-limiting and banning must take this into consideration, see
https://adam-p.ca/blog/2022/02/ipv6-rate-limiting/
The best approach is still in debate; this library takes the following approach:
* If the actor is good, the full IPv6 ir returned
* If the actor is bad, the `/64` relative subnet is returned
```php
$request = new ServerRequest([
'REMOTE_ADDR' => '1.2.3.4',
]);
var_dump((new Psr7GetClientIp())->forGoodList($request)); // '1.2.3.4'
var_dump((new Psr7GetClientIp())->forNaughtyList($request)); // '1.2.3.4'
$request = new ServerRequest([
'REMOTE_ADDR' => '2013:b0a7:5d31:fd03:7257:ae71:6cb9:8e1d',
]);
var_dump((new Psr7GetClientIp())->forGoodList($request)); // '2013:b0a7:5d31:fd03:7257:ae71:6cb9:8e1d'
var_dump((new Psr7GetClientIp())->forNaughtyList($request)); // '2013:b0a7:5d31:fd03::/64'
```