function readOnly(count){ }
Sign Up ›
Starting November 20, the site will be set to read-only. On December 4, 2023,
forum discussions will move to the Trailblazer Community.
Learn More

Browse by Topic
ShowAll Questionssorted byDate Posted
+ Start a Discussion
hemmhemm 

HTTP Header Values for client IP Address

I am looking for the most reliable way to know the IP address of the client machine visiting my Sites page.  Looking at all the available headers on the page using ApexPages.currentPage().getHeaders(), I see several options like "True-Client-IP", "X-Forwarded-For" and "X-Salesforce-SIP"

 

"True-Client-IP" seems to be accurate all the time, but isn't always present.

 

"X-Forwarded-For" has a couple IP addresses in thereso I need to parse the list of IPs.  According to Wikipedia, this is somewhat of a standard header.  However, I always thought anything with "X-" is custom and not standard.

 

"X-Salesforce-SIP" is another that seems to be accurate on some pages, but on others it's not.

 

What's the most reliable?  In what situations are these header values populated?  Are there other values I should look for?

 

My code may look for all possible headers, but I want to start with the most reliable and try to understand the situations in which that are populated.

 

 

Message Edited by hemm on 07-15-2009 12:43 AM
Best Answer chosen by Admin (Salesforce Developers) 
BulentBulent

True-Client-IP has the value when the request is coming via the caching integration. 

X-Salesforce-SIP has the value if there is no caching integration (sandbox, developer edition orgs) or via the secure url

All Answers

BulentBulent

True-Client-IP has the value when the request is coming via the caching integration. 

X-Salesforce-SIP has the value if there is no caching integration (sandbox, developer edition orgs) or via the secure url

This was selected as the best answer
Andrew B. DavisAndrew B. Davis
There's nice code for this from Anthony Coleman (http://www.forcedisturbances.com/2012/05/limiting-access-to-visual-force-pages.html). 
public static String GetUserIPAddress() {
 string ReturnValue = '';  
   
 // True-Client-IP has the value when the request is coming via the caching integration.
        ReturnValue = ApexPages.currentPage().getHeaders().get('True-Client-IP');
 
          // X-Salesforce-SIP has the value when no caching integration or via secure URL.
        if (ReturnValue == '' || ReturnValue == null) {
         ReturnValue = ApexPages.currentPage().getHeaders().get('X-Salesforce-SIP');
        } // get IP address when no caching (sandbox, dev, secure urls)
 
         if (ReturnValue == '' || ReturnValue == null) {
         ReturnValue = ApexPages.currentPage().getHeaders().get('X-Forwarded-For');
        } // get IP address from standard header if proxy in use
 
 return ReturnValue;
  
} // GetUserIPAddress