Use X-Forwarded-For headers on Magento

Question

So here's the deal:

We're trying to setup Google Page Speed to work with Magento and we're worried that since all the pages will be served by Google we won't know the client IP address for my users' requests. This we fear will affect our our user's ability to interact with the website (login/logout and checkout) and our ability to use analytics (Google Analytics). Is this really going to be a problem/issue?

We did some research and found that we need to setup X-Forwarded-For headers either in Apache or PHP. Our host says that they can't do this because:

Normally we would use mod_rpaf which does what you want (translates a forwarded IP into the real one before it gets passed to your code) but mod_rpaf requires you provide it with a list of the forwarding servers. Google doesn't supply this, so we can't use that.

So now the only option left is to set it up with Magento's PHP, how do we do this?

While going through the Magento Admin (System > Configuration > Web > Session Validation Settings) we noticed 'Validate HTTP_X_FORWARDED_FOR': would changing this to 'Yes' help?

-Thanks.

Answer 1

Google page Speed will will set the http_x_forwarded_for header in the request that it sends to magento, this means that magento can pick it up using PHP, like this:

$real_customer_ip = $_SERVER['HTTP_X_FORWARDED_FOR'];

Magento will capture ip information passed via the http_x_forwarded_for header without extra configuration.

To test this, set up a test instance of your site working with Google Page Speed and place an order. If you then examine the order you will see that it has values for both 'remote_ip' and 'x_forwarded_for'. These values are stored in magento's MySQL database, in the 'sales_flat_order' table.

The IP address of a customer is irrelevant to magento's login/logout/checkout functionality, it uses information stored in the http-session.