All visits have same IP - even after activating proxy_client_headers

We recently moved our Piwik installation to a new server platform that includes a reverse proxy. Since then, all visits have the same source IP. According to How do I configure Piwik when the server is installed behind a proxy? - Analytics Platform - Matomo , we uncommented the line:

proxy_client_headers[] = HTTP_X_FORWARDED_FOR

But it has no effect! The source IP is still the same, geolocation does not work.

phpinfo(); shows that requests get the HTTP_X_FORWARDED_FOR header with the value:
x.x.x.x, y.y.y.y

where x.x.x.x is the real source IP. Not sure what y.y.y.y is, maybe an intermediate proxy.

Where is the problem? I have searched for similar topics but all of them point to proxy_client_headers[] as a solution. What are we missing?

Thanks in advance.

It should work to put proxy_client_headers[] = HTTP_X_FORWARDED_FOR below [General] in config.ini.php

Thank you for your answer Mathieu. A bit more detail:

  • the relevant section of our /config/config.ini.php is:

[General]
proxy_client_headers[] = HTTP_X_FORWARDED_FOR
proxy_host_headers[] = HTTP_X_FORWARDED_HOST

  • All visits in the Visitors in Real time section of the Dashboard appear from source IP X.Y.0.0, which does NOT match the one shown in the REMOTE_ADDR part of the headers. X.Y part is the same but not the last two digits.

  • The Visitors / Locations panels shows all visits coming from the same place.

  • As I mentioned, HTTP_X_FORWARDED_FOR shows two IPs sepparated by a comma. The good one is the first one; browsing the code it seemed to me that is takes the last one, but that one does not match X.Y.0.0 either.

There has to be something we are missing. Whan can we do to find the problem?

Hi there,

Maybe you could enable tracker debugging: Tracking HTTP API: API Reference - Piwik Analytics - Developer Docs - v3

and then take a look at the output.

if you find a bug in Piwik please follow up with us with an issue in the tracker: Issues · matomo-org/piwik · GitHub

I did, but I’m not sure what to look for. It only says:

“DEBUG: Visitor IP (was: 130.211.0.0) has been anonymized: X.Y…0.0”

But it does not explain where the IP comes from. Should it give more details if it is being extracted from HTTP_X_FORWARDED_FOR instead of REMOTE_ADDR?

To find out where the IP comes from, (ie. all IP addresses available for piwik to use) you could add the following in piwik.php

\Piwik\Common::printDebug($_SERVER);

just before this line: $response = $tracker->main($handler, $requestSet);

it will print the whole list of server values, including the IP addresses.

I just did. It shows, as part of the server values:

‘HTTP_X_FORWARDED_FOR’ => ', ',
‘REMOTE_ADDR’ => ‘’,

and then, a few lines below:

DEBUG: Executing Piwik\Plugins\CoreHome\Tracker\VisitRequestProcessor::afterRequestProcessed()…
DEBUG: Visitor IP (was: ) has been anonymized:

is the real IP from where I am connecting. and have the same two first digits. has those same first digits and then 0.0 This IP is nowhere in the server values; not only it is not using the correct one, it appears to truncate it.

I’m not sure if some content is maybe missing from your post?

Oh, right. I didn’t notice that using < and > as placeholders hid the text. Second attempt:

I just did. It shows, as part of the server values:

‘HTTP_X_FORWARDED_FOR’ => ‘[ip1], [ip2]’,
‘REMOTE_ADDR’ => ‘[ip3]’,

and then, a few lines below:

DEBUG: Executing Piwik\Plugins\CoreHome\Tracker\VisitRequestProcessor::afterRequestProcessed()…
DEBUG: Visitor IP (was: [ip4]) has been anonymized: [ip4]

[ip1] is the real IP from where I am connecting. [ip2] and [ip3] have the same two first digits. [ip4] has those same first digits and then 0.0 This IP is nowhere in the server values; not only it is not using the correct one, it appears to truncate it.

the truncation is due to the privacy IP anonimiser: Configure Privacy Settings in Piwik - Analytics Platform - Matomo

I see. The line

DEBUG: Visitor IP (was: [ip4]) has been anonymized: [ip4]

seems to imply that the truncated IP is there before anonymization.

Still, if I disable the IP anonymizer, the IP that is shown in the real time panel is the same as [ip2].

This matches what I thought I saw in the code: when HTTP_X_FORWARDED_FOR contains more than one IP, the one Piwik keeps is the last one. However, in our case, the real IP that we would want to keep is the first one.

Is there anything that can be done about that, either in Piwik or our proxy?

Thanks again.

Hi @mvillar - do you mind reporting a bug / issue on our tracker? Issues · piwik/piwik · GitHub

@mvillar, did you managed to resolve this issue?
Following as I am also encountering similar issue.

Yes. I reported the bug as instructed by Matthieu and he created a patch. Check

I do believe the change was integrated in later versions but I’m not entirely sure.