Get information about the current HTTP request.
Contents
- getting request information:
- headers
- HTTPS detection
- client IP address
- scheme
- method
- host
- port
- URL
- base directory
- base path
- path info
- script name
- trusted proxy header support (x-forwarded / forwarded)
- host validation (inc. defining specific trusted hosts or host patterns)
- optional HTTP method override support
- PHP 7.1+
All configuration and value retrieval is done via the static Kuria\RequestInfo\RequestInfo
class.
By default all proxy headers are ignored. To trust select proxy headers, call RequestInfo::setTrustedProxies()
with an appropriately configured TrustedProxies
instance.
<?php
use Kuria\RequestInfo\RequestInfo;
use Kuria\RequestInfo\TrustedProxies;
$trustedProxies = new TrustedProxies(
['192.168.1.10', '192.168.1.20'], // one or more IP adresses or subnets in CIDR notation
TrustedProxies::HEADER_FORWARDED // which headers to trust (bit mask)
);
RequestInfo::setTrustedProxies($trustedProxies);
Trusted headers are a bitmask of the following constants:
Constant | Allowed headers |
---|---|
TrustedProxies::HEADER_FORWARDED |
Forwarded |
TrustedProxies::HEADER_X_FORWARDED_FOR |
X-Forwarded-For |
TrustedProxies::HEADER_X_FORWARDED_HOST |
X-Forwarded-Host |
TrustedProxies::HEADER_X_FORWARDED_PROTO |
X-Forwarded-Proto |
TrustedProxies::HEADER_X_FORWARDED_PORT |
X-Forwarded-Port |
TrustedProxies::HEADER_X_FORWARDED_ALL |
X-Forwarded-* |
Note
Trusting both the Forwarded
and X-Forwarded-*
headers is supported,
but they must report the same values. Different values will cause
Kuria\RequestInfo\Exception\HeaderConflictException
.
If you are sure that an application will always be behind a trusted proxy, you can
use $_SERVER['REMOTE_ADDR']
in place of a hardcoded IP address:
<?php
use Kuria\RequestInfo\RequestInfo;
use Kuria\RequestInfo\Helper\Server;
use Kuria\RequestInfo\TrustedProxies;
$trustedProxies = new TrustedProxies(
[Server::require('REMOTE_ADDR')],
TrustedProxies::HEADER_FORWARDED
);
RequestInfo::setTrustedProxies($trustedProxies);
The request host is always validated according to the standards.
To restrict accepted hosts further, use the following methods:
<?php
use Kuria\RequestInfo\RequestInfo;
// specific hosts (exact match)
RequestInfo::setTrustedHosts([
'www.example.com',
'cdn.example.com',
]);
// host patterns
RequestInfo::setTrustedHostPatterns([
'{\w+\.example\.com$}AD',
'{example-node-\d+$}AD',
]);
By default, the X-HTTP-Method-Override
header is ignored.
If you need to override the HTTP method via this header (e.g. because of restrictive firewall rules), you can enable its support:
<?php
use Kuria\RequestInfo\RequestInfo;
RequestInfo::setAllowHttpMethodOverride(true);
To restore default RequestInfo
configuration:
<?php
use Kuria\RequestInfo\RequestInfo;
RequestInfo::reset();
Get all request headers as an array. Header names are lowercased and used as keys.
<?php
print_r(RequestInfo::getHeaders());
Example output:
Array ( [host] => localhost:8080 [connection] => keep-alive [cache-control] => max-age=0 [upgrade-insecure-requests] => 1 [user-agent] => Mozilla/5.0 (Example) [accept] => text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8 [accept-encoding] => gzip, deflate, br [accept-language] => en-US,en;q=0.9,cs;q=0.8 )
Check whether the request originated from a trusted proxy.
<?php
use Kuria\RequestInfo\RequestInfo;
if (RequestInfo::isFromTrustedProxy()) {
// request is from a trusted proxy
}
See whether the request uses HTTPS.
<?php
use Kuria\RequestInfo\RequestInfo;
if (RequestInfo::isSecure()) {
// request uses HTTPS
}
Get the client IP address.
<?php
use Kuria\RequestInfo\RequestInfo;
var_dump(RequestInfo::getClientIp());
Example output:
string(9) "127.0.0.1"
Note
RequestInfo::getClientIp()
will return NULL
if the client IP address is not known (e.g. in CLI).
To get all known client IP addresses (ordered from most trusted to least trusted), use getClientIps()
:
<?php
use Kuria\RequestInfo\RequestInfo;
print_r(RequestInfo::getClientIps());
Example output:
Array ( [0] => 20.30.40.50 [1] => 10.20.30.40 )
Note
RequestInfo::getClientIps()
will return an empty array if the client IP addresses are not known (e.g. in CLI).
Get the request method. The method name will always be in uppercase.
Also see HTTP method override.
<?php
use Kuria\RequestInfo\RequestInfo;
var_dump(RequestInfo::getMethod());
Example output:
string(3) "GET"
Get the request scheme.
<?php
use Kuria\RequestInfo\RequestInfo;
var_dump(RequestInfo::getScheme());
Example output:
string(4) "https"
Get the host name.
Also see Trusted hosts.
<?php
use Kuria\RequestInfo\RequestInfo;
var_dump(RequestInfo::getHost());
Example output:
string(9) "localhost"
Note
The returned host name does not include the port number. Use RequestInfo::getPort()
to get
the port number or RequestInfo::getUrl()->getFullHost()
to get the host name with the port
number (if it is non-standard).
Get the port number.
<?php
use Kuria\RequestInfo\RequestInfo;
var_dump(RequestInfo::getPort());
Example output:
int(80)
Get the request URL. Returns an unique instance of Kuria\Url\Url
.
See the kuria/url component for more information.
<?php
use Kuria\RequestInfo\RequestInfo;
$url = RequestInfo::getUrl();
echo
"URL:\t", $url->build(), PHP_EOL,
"Scheme:\t", $url->getScheme(), PHP_EOL,
"Host:\t", $url->getHost(), PHP_EOL,
"Port:\t", $url->getPort(), PHP_EOL,
"Path:\t", $url->getPath(), PHP_EOL,
"Query:\t", json_encode($url->getQuery()), PHP_EOL;
Example output:
URL: http://localhost:8080/test/index.php/foo?bar=baz Scheme: http Host: localhost Port: 8080 Path: /test/index.php/foo Query: {"bar":"baz"}
Get base directory (without script name, if any). The returned path never ends with a "/".
<?php
use Kuria\RequestInfo\RequestInfo;
var_dump(RequestInfo::getBaseDir());
Examples:
URL | Base directory |
---|---|
http://localhost/index.php | (empty string) |
http://localhost/index.php/page | (empty string) |
http://localhost/web/index.php | /web |
http://localhost/we%20b/index.php | /we%20b |
Get base path (including the script name, if any). The returned path never ends with a "/".
<?php
use Kuria\RequestInfo\RequestInfo;
var_dump(RequestInfo::getBasePath());
Examples:
URL | Base path |
---|---|
http://localhost/index.php | /index.php |
http://localhost/index.php/page | /index.php |
http://localhost/web/index.php | /web/index.php |
http://localhost/we%20b/index.php | /we%20b/index.php |
Get path info.
<?php
use Kuria\RequestInfo\RequestInfo;
var_dump(RequestInfo::getPathInfo());
Examples:
URL | Path info |
---|---|
http://localhost/index.php | (empty string) |
http://localhost/index.php/page | /page |
http://localhost/web/index.php | (empty string) |
http://localhost/we%20b/index.php/foo%20bar | /foo%20bar |
Get the current script name.
<?php
use Kuria\RequestInfo\RequestInfo;
var_dump(RequestInfo::getScriptName());
Example output:
string(18) "./public/index.php"
Most methods of the RequestInfo
class cache their results internally. If you manipulate $_SERVER
after already reading some request information, you will need to call RequestInfo::clearCache()
to clear the cache.