How to get the ip address of users access drupal login page.

@cilefen I configured new drupal 10 set up in localhost in xampp.

There is no load balancer or forward cache.

Please find the details:

Drupal version : 10.3.5
DB driver : mysql
DB hostname : localhost
DB port : 3306
DB username : root
DB name : d10
Database : Connected
Drupal bootstrap : Successful
Default theme : olivero
Admin theme : claro
PHP binary : C:/xampp/php/php.exe
PHP config : C:/xampp/php/php.ini
PHP OS : WINNT
PHP version : 8.1.6
Drush script : C:/xampp/htdocs/d10/vendor/drush/drush/drush
Drush version : 12.5.3.0
Drush temp : C:/Users/admin/AppData/Local/Temp
Drush configs : C:/xampp/htdocs/d10/vendor/drush/drush/drush.yml
Install profile : standard
Drupal root : C:/xampp/htdocs/d10/web
Site path : sites/default
Files, Public : sites/default/files
Files, Temp : C:\xampp\tmp

The settings.php code:

// Enable reverse proxy handling in Drupal.
$settings['reverse_proxy'] = TRUE;

// Specify the IP addresses of all your trusted reverse proxies.
// If you're unsure about the IPs, you may need to ask your hosting provider
// or use the CIDR range for your load balancer or CDN (e.g., Cloudflare, AWS).
$settings['reverse_proxy_addresses'] = [
  '127.0.0.1',      // For local development environments
  '***.**.*.*',  // Replace with your reverse proxy IP
  // Add more IP addresses if necessary
];

// Use the 'X-Forwarded-For' header to get the real client IP.
$settings['reverse_proxy_header'] = 'X-Forwarded-For';

The PHP code snippet to get the current user's IP address also provides the value of 127.0.0.1
Added the below code in hook_form_alter function of user_login_form.

 // Check for shared internet or proxy server
    if (!empty($_SERVER['HTTP_CLIENT_IP'])) {
        $ip = $_SERVER['HTTP_CLIENT_IP'];
    } elseif (!empty($_SERVER['HTTP_X_FORWARDED_FOR'])) {
        // Check for IP address forwarded from a proxy
        $ip = $_SERVER['HTTP_X_FORWARDED_FOR'];
    } else {
        // Use REMOTE_ADDR if no proxy or client IP is available
        $ip = $_SERVER['REMOTE_ADDR'];
    }

Tried with Login Event subscriber as well, but could not find any solution.

The below code from the Drupal core module, UserLoginForm.phpalso unaable to give the exact ip address but shows the 127.0.0.1.

// If the username entered is not a valid user,
          // only store the IP address.
          $this->logger('user')->notice('Login attempt failed from %ip.', ['%ip' => $this->getRequest()->getClientIp()]);

@cilefen Can you please suggest a way to get the ip address.

Appreciate any inputs.

Thanks

I want this ip address rather than 127.0.0.1

ifconfig.co — What is my IP address?
165.225.***.***

This issue is raised from one of our client security team. Please find below are the issue details:

IP address-based blocking bypass via XForwarded-For

The vulnerability involves improper IP address handling in Drupal's brute force protection mechanism, leading to an IP address-based blocking bypass. This misconfiguration occurs because the X-Forwarded-For header is not correctly processed, allowing attackers to evade brute force protections.
Properly configure IP detection so that the real IP address is correctly parsed and used by the brute force protection mechanism

Note:- Currently this issue we are checking on local , once issue fixed we will check on the server.
We have checked with the $_server variable also we are getting same 127.0.0.1.

Is there anything we need to enable in server/apache level?