Category: PHP Development

  • National Debt Tracker: American taxpayers (you) are now on the hook for …

    U.S. Total Public Debt Outstanding
    $37,232,288,662,023.91
    As of
    Official source: Treasury FiscalData
    Debt Held by the Public
    $29,860,626,144,050.13
    Marketable & non-marketable debt held outside the U.S. government.


    Intragovernmental Holdings
    $7,371,662,517,973.78
    Holdings within U.S. government accounts (e.g., trust funds).


    Data Source & API
    Updates at end of each business day for the previous business day.
    https://api.fiscaldata.treasury.gov/services/api/fiscal_service/v2/accounting/od/debt_to_penny?fields=record_date,tot_pub_debt_out_amt,debt_held_public_amt,intragov_hold_amt&sort=-record_date&page[size]=1&format=json
    Attribution: U.S. Department of the Treasury, Bureau of the Fiscal Service — FiscalData “Debt to the Penny”. No endorsement is implied.
    Data and API are provided “as is” and “as available” by the Bureau of the Fiscal Service. No warranties are made and availability may change at any time.
    WordPress plugin development provided by https://progresstechnologies.com/. No warranties are made and availability may change at any time.
  • How to Log the Real Visitor IP Address When Using Cloudflare

    If you accept connections for a website or API running behind Cloudflare, there’s a hidden “gotcha” you must know about:

    By default, your end-point server will NOT see the real end-user’s IP address.

    Instead, every incoming request appears to come from a Cloudflare data center.
    This impacts:

    • Abuse prevention (rate limiting)
    • Accurate analytics
    • Geo-targeting
    • Any IP-based feature or logging

    Why?

    Cloudflare acts as a reverse proxy, routing all traffic through their global edge network.
    Your server’s REMOTE_ADDR variable now reflects the Cloudflare node—not your actual visitor.


    The Solution: Use the Special HTTP Header

    Cloudflare automatically sends the true client IP in the CF-Connecting-IP HTTP header.

    To reliably log and process the real user’s IP in PHP, use this snippet:

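    function getRealIp() {
        // Prefer Cloudflare's header if present. It is only trustworthy when the
        // request actually arrived from Cloudflare; a direct client can send it too.
        if (!empty($_SERVER['HTTP_CF_CONNECTING_IP'])) {
            return trim($_SERVER['HTTP_CF_CONNECTING_IP']);
        }
        // Optionally support generic proxies (only if you control every proxy hop)
        if (!empty($_SERVER['HTTP_X_FORWARDED_FOR'])) {
            // The header is a comma-separated list; the first entry is the client
            return trim(explode(',', $_SERVER['HTTP_X_FORWARDED_FOR'])[0]);
        }
        // Fallback to server-provided address
        return $_SERVER['REMOTE_ADDR'] ?? 'UNKNOWN';
    }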

    Best Practices:

    • Use this getRealIp() helper everywhere you log, rate-limit, or analyze IP addresses.
    • If you use other CDNs or reverse proxies, check their docs for equivalent headers.
    • Do not trust X-Forwarded-For unless you control all proxy hops—it can be spoofed by end users.
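
    The spoofing caveat above applies to CF-Connecting-IP as well when the origin can be reached directly. The following is an added example, not code from the original post: it accepts the header only when REMOTE_ADDR falls inside a trusted proxy range. The names TRUSTED_PROXY_CIDRS, ipInCidr and getTrustedClientIp are hypothetical, and the ranges are documentation placeholders to be replaced with Cloudflare's published IP ranges.

    ```php
    <?php
    // Placeholder ranges (documentation prefixes, constructed for this example);
    // replace with Cloudflare's currently published IPv4 and IPv6 ranges.
    const TRUSTED_PROXY_CIDRS = ['198.51.100.0/24', '2001:db8::/32'];

    // True if $ip lies inside $cidr. Works for IPv4 and IPv6 on packed bytes.
    function ipInCidr(string $ip, string $cidr): bool {
        [$net, $bits] = array_pad(explode('/', $cidr, 2), 2, null);
        $ipBin  = @inet_pton($ip);
        $netBin = @inet_pton($net);
        if ($ipBin === false || $netBin === false || strlen($ipBin) !== strlen($netBin)) {
            return false; // unparsable address, or address families differ
        }
        $maxBits = strlen($ipBin) * 8;
        $bits = $bits ?? (string) $maxBits; // no prefix length means a single host
        if (!ctype_digit($bits) || (int) $bits > $maxBits) {
            return false; // malformed prefix length
        }
        $fullBytes = intdiv((int) $bits, 8);
        if (substr($ipBin, 0, $fullBytes) !== substr($netBin, 0, $fullBytes)) {
            return false;
        }
        $rem = (int) $bits % 8;
        if ($rem === 0) {
            return true;
        }
        // Compare only the leading $rem bits of the first partially covered byte
        $mask = (0xFF << (8 - $rem)) & 0xFF;
        return (ord($ipBin[$fullBytes]) & $mask) === (ord($netBin[$fullBytes]) & $mask);
    }

    // Return the header value only if the TCP peer is a trusted proxy;
    // otherwise fall back to the peer address itself.
    function getTrustedClientIp(array $server): string {
        $peer    = $server['REMOTE_ADDR'] ?? '';
        $claimed = trim($server['HTTP_CF_CONNECTING_IP'] ?? '');
        if ($claimed !== '' && filter_var($claimed, FILTER_VALIDATE_IP) !== false) {
            foreach (TRUSTED_PROXY_CIDRS as $cidr) {
                if (ipInCidr($peer, $cidr)) {
                    return $claimed; // header vouched for by a trusted proxy
                }
            }
        }
        return $peer !== '' ? $peer : 'UNKNOWN';
    }

    // Constructed requests: one via a trusted proxy, one direct with a forged header.
    var_dump(getTrustedClientIp(['REMOTE_ADDR' => '198.51.100.7', 'HTTP_CF_CONNECTING_IP' => '203.0.113.9']));
    var_dump(getTrustedClientIp(['REMOTE_ADDR' => '192.0.2.50', 'HTTP_CF_CONNECTING_IP' => '203.0.113.9']));
    ```

    In a real request handler, pass $_SERVER as the argument.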

    Why This Matters:

    • Without this fix: All requests appear to originate from Cloudflare, making IP-based abuse detection and analytics impossible.
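    • With this fix: You’ll have the real end-user IP for requests that arrive through Cloudflare, and REMOTE_ADDR as the fallback when you’re not behind Cloudflare. The header is only as trustworthy as its sender: a client that reaches your server directly can set CF-Connecting-IP itself.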


    TL;DR:
    When accounting for Cloudflare, always log and use the IP from CF-Connecting-IP, not just REMOTE_ADDR.
    It’s a simple fix that saves hours of debugging and improves your site’s security and analytics.