How to unmask an IP address served by Cloudflare for Opencart

In the Opencart framework, a manager may access a report of current users online. This is useful for seeing site activity, and also for identifying harmful (or legit) bot activity. If you are using the Cloudflare CDN, which we do on most of our site builds, the actual IP address of the visitor or bot is masked with a Cloudflare address. This is not so useful.

The Opencart Who’s Online Report

The following article and code show how to replace the masked Cloudflare IP addresses with the actual visitor addresses in the visitors online report.


Cloudflare comes with the following additional server variables:


The one we will be working with today is $_SERVER['HTTP_CF_CONNECTING_IP']. This reveals the “real” IP address of the visitor.

In our footer.php (catalog/controller/common/footer.php) we update the following block…

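if (isset($this->request->server['REMOTE_ADDR'])) {
    $ip = $this->request->server['REMOTE_ADDR'];
} else {
    $ip = '';
}

…with the following:

// Prefer the Cloudflare-supplied visitor address when the header is present
if (isset($this->request->server['HTTP_CF_CONNECTING_IP'])) {
    $ip = $this->request->server['HTTP_CF_CONNECTING_IP'];
} elseif (isset($this->request->server['REMOTE_ADDR'])) {
    $ip = $this->request->server['REMOTE_ADDR'];
} else {
    $ip = '';
}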

And Bob’s your uncle! You now should have a list of actual IP addresses that you can analyse. For our next trick, we will be adding bot information to our report, however we will be needing much more coffee for this!
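
The header is only trustworthy when the request actually arrived through Cloudflare; a client that reaches the origin server directly can send any value in it, and that value would then land in the report. As an added example (not part of the original article or of OpenCart's code), the code below accepts the header only when REMOTE_ADDR is inside a trusted proxy range and the header parses as an IP address. The function names and the placeholder ranges are assumptions.

```php
<?php
// Placeholder ranges (documentation networks) standing in for the proxy
// ranges Cloudflare publishes; load the real list in production.
const TRUSTED_PROXY_CIDRS = ['203.0.113.0/24', '2001:db8::/32'];

// True when $ip is inside $cidr (IPv4 or IPv6). Hypothetical helper.
function ip_in_cidr(string $ip, string $cidr): bool
{
    $parts  = explode('/', $cidr, 2);
    $ipBin  = @inet_pton($ip);
    $netBin = @inet_pton($parts[0]);
    $bits   = isset($parts[1]) ? (int) $parts[1] : -1;
    if ($ipBin === false || $netBin === false
        || strlen($ipBin) !== strlen($netBin)      // address-family mismatch
        || $bits < 0 || $bits > strlen($ipBin) * 8) {
        return false;
    }
    $bytes = intdiv($bits, 8);
    if (substr($ipBin, 0, $bytes) !== substr($netBin, 0, $bytes)) {
        return false;
    }
    $mask = (0xFF << (8 - $bits % 8)) & 0xFF;      // leading bits of the next byte
    return $bits % 8 === 0
        || (ord($ipBin[$bytes]) & $mask) === (ord($netBin[$bytes]) & $mask);
}

// Trust the header only from a trusted proxy peer; else use REMOTE_ADDR.
function resolve_client_ip(array $server, array $trusted = TRUSTED_PROXY_CIDRS): string
{
    $peer   = $server['REMOTE_ADDR'] ?? '';
    $header = $server['HTTP_CF_CONNECTING_IP'] ?? '';
    if (filter_var($header, FILTER_VALIDATE_IP) !== false) {
        foreach ($trusted as $cidr) {
            if (ip_in_cidr($peer, $cidr)) {
                return $header;
            }
        }
    }
    return $peer;
}

// Constructed requests: via the proxy, direct with a forged header, bad header.
foreach ([
    ['REMOTE_ADDR' => '203.0.113.10', 'HTTP_CF_CONNECTING_IP' => '198.51.100.7'],
    ['REMOTE_ADDR' => '192.0.2.55', 'HTTP_CF_CONNECTING_IP' => '198.51.100.7'],
    ['REMOTE_ADDR' => '203.0.113.10', 'HTTP_CF_CONNECTING_IP' => 'not-an-ip'],
] as $s) {
    echo resolve_client_ip($s), PHP_EOL;
}
```

In footer.php the same check would be called with $this->request->server in place of the constructed arrays.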

Let us know any mods you have created in regard to the Opencart who’s online report.
