REMOTE_ADDR showing local IP address rather than User IP – Fix

This is something that I come across on a regular basis, whether it be on a misconfigured server, a server which has a proxy attached, or a server which is configured with Nginx or similar as a reverse proxy. What basically happens is that when using scripts which require a user's IP to be logged (for example a forum or membership site, where IPs are used for moderation and banning purposes), the server returns its local IP address (or server IP) instead of the user's public IP.

Why is this a problem?

Many platforms will still work regardless of this problem, although many tracking scripts may show incorrect IP results. However, if you're using IP logging, such as on a forum, it can become a serious issue. For example, if all users are being logged under the local IP, then should a user be banned you could possibly IP ban all users. More commonly, a user forgets their password and attempts to log in more than the set limit (for example, vBulletin or XenForo has a limit of 5), which triggers a 15 minute block of that IP; if all users are logged with the local IP, it means all users are blocked for 15 minutes.


If those users then continue to try to log in and keep failing, the time period keeps extending, causing a massive problem where no users can use the platform indefinitely. This happens more than you'd think. Despite the fix being easy, unless you know what you're looking for it's pretty hard to find a solution.

How do I fix it?

The fix is pretty straightforward in most instances, and testing it is just as easy. First, let's set up a quick PHP file with the following code in it, which displays your IP:

Your IP Address is
<?php echo htmlspecialchars($_SERVER['REMOTE_ADDR'], ENT_QUOTES, 'UTF-8'); /* escape before output */ ?>

Upload that PHP file to your server/domain and navigate to it via your browser. This should display your personal IP. If it doesn't, it means you need to add the following code to a relevant part of your script, most commonly the config file (in vBulletin/XenForo it's config.php and in WordPress it would be wp-config.php).

 
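// Behind a reverse proxy, take the client IP from the X-Real-IP header the proxy sets; otherwise keep REMOTE_ADDR.
$_SERVER["REMOTE_ADDR"] = ( isset($_SERVER["HTTP_X_REAL_IP"]) ? $_SERVER["HTTP_X_REAL_IP"] : $_SERVER["REMOTE_ADDR"] );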

You can test that this is working by applying the above code to the test file you created earlier in this article; if you now see your personal IP, you've solved your problem.
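
The one-line fix above trusts X-Real-IP on every request, so if the web server can be reached without going through the proxy, or the proxy passes the header through unchanged, the logged and banned IP is whatever the client sent. A stricter variant, added here as an example and not part of the original post, only honours the header when the connection really comes from your own proxy and the value is a valid IP. `resolve_client_ip()` and `TRUSTED_PROXIES` are hypothetical names, and the proxy is assumed to connect from loopback and to set X-Real-IP itself.

```php
<?php
// Added example, not the original author's code.
// Assumption: the reverse proxy connects from loopback; list your proxy's real address(es) here.
const TRUSTED_PROXIES = ['127.0.0.1', '::1'];

/**
 * Return the client IP for a request. X-Real-IP is used only when the TCP peer
 * (the untouched REMOTE_ADDR) is one of our proxies and the header is a valid IP literal.
 */
function resolve_client_ip(array $server, array $trustedProxies): string
{
    $peer = $server['REMOTE_ADDR'] ?? '';

    // Not from our proxy: any X-Real-IP header was written by the client, so ignore it.
    if (!in_array($peer, $trustedProxies, true)) {
        return $peer;
    }

    // From our proxy: accept the header only if it is a single IPv4/IPv6 address.
    $claimed = trim($server['HTTP_X_REAL_IP'] ?? '');
    if (filter_var($claimed, FILTER_VALIDATE_IP) === false) {
        return $peer;
    }
    return $claimed;
}

// Constructed sample requests (documentation address ranges), standing in for $_SERVER.
$samples = [
    'via proxy'              => ['REMOTE_ADDR' => '127.0.0.1',    'HTTP_X_REAL_IP' => '203.0.113.7'],
    'direct, forged header'  => ['REMOTE_ADDR' => '198.51.100.9', 'HTTP_X_REAL_IP' => '203.0.113.7'],
    'via proxy, junk header' => ['REMOTE_ADDR' => '127.0.0.1',    'HTTP_X_REAL_IP' => '<script>'],
    'via proxy, no header'   => ['REMOTE_ADDR' => '127.0.0.1'],
];
foreach ($samples as $label => $server) {
    printf("%-24s => %s\n", $label, resolve_client_ip($server, TRUSTED_PROXIES));
}

// In config.php the equivalent of the one-line fix would be:
// $_SERVER['REMOTE_ADDR'] = resolve_client_ip($_SERVER, TRUSTED_PROXIES);
```

Only the first sample resolves to the header value; the other three fall back to the peer address, so a forged or malformed header cannot change which IP gets logged or blocked.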

There used to be a server-side solution for this problem called mod_rpaf, although the original creator's website is no longer active. I have, however, found a fork of the original module on GitHub, should you wish to solve the issue server side rather than patching every site on your server:

Reference: https://github.com/y-ken/mod_rpaf (mod_rpaf fork)