On Wed, July 12, 2006 8:29 pm, Roger Thomas wrote:
> I want to filter IP addresses. I noticed that my script catches IP
> addresses that look like they came from the internal LAN, i.e.
> 192.x.x.x and 10.x.x.x
>
> My script caught those IPs by $_SERVER['REMOTE_ADDR']. Am I not being
> able to catch IPs from transparent proxies that a user's ISP might
> use? Would $_SERVER['HTTP_X_FORWARDED_FOR'] be better? Reasons?

Since the whole point of a transparent proxy is to hide the IP address from you, then, yes, you can't get at that IP address.

And, if you could, then it wouldn't matter much, as AOL users change IP addresses faster than a drummer changes his underwear.

Furthermore, proxies will "mask" all the users behind a single IP -- So, for example, *ALL* IBM employees, and they are legion, could, in theory, have the "same" IP address as far as your web application is concerned.

IP address is only useful in a couple instances.

When you control the IP address and routers in the chain to be sure that the IP is correct, you can use it as a security layer to allow access only from one specific IP address. Bad Guys can forge IP addresses, but it's non-trivial, and routing the traffic to make it be useful to them is even more so.

IP address as a single indicator in a multi-faceted heuristic estimate that a "user" is the "same" as previous user is not completely useless, but you'd be better off just requiring a login unless you have some very serious infrastructure ready to leap into action on this task.

--
Like Music?
http://l-i-e.com/artists.htm

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
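
Added example, not part of the original message or of any project's code: a PHP sketch of the "you control the chain" case from the reply. `$_SERVER['REMOTE_ADDR']` is the address the server observes itself, while `X-Forwarded-For` is a request header any client can set, so it is read only when the connecting peer is a proxy you operate. The function name `client_ip`, the `$trustedProxies` list and the sample requests are assumptions constructed for illustration.

```php
<?php
// Added illustration; function name, proxy list and sample data are hypothetical.

/**
 * Return the client address to log or rate-limit on.
 * X-Forwarded-For is honoured only when the TCP peer (REMOTE_ADDR) is a
 * proxy we operate; from any other peer the header is untrusted text.
 */
function client_ip(array $server, array $trustedProxies): string
{
    $peer = $server['REMOTE_ADDR'] ?? '';
    if (!in_array($peer, $trustedProxies, true)) {
        return $peer;                   // direct client or unknown proxy: ignore header
    }
    $hops = array_map('trim', explode(',', $server['HTTP_X_FORWARDED_FOR'] ?? ''));
    // Walk right to left: each proxy appends the address it received from.
    for ($i = count($hops) - 1; $i >= 0; $i--) {
        $hop = $hops[$i];
        if (filter_var($hop, FILTER_VALIDATE_IP) === false) {
            break;                      // malformed entry: stop trusting the chain
        }
        if (!in_array($hop, $trustedProxies, true)) {
            return $hop;                // first hop that is not ours, as seen by our edge
        }
    }
    return $peer;                       // nothing usable in the header
}

// Constructed sample requests (private and documentation-range addresses).
$trusted = ['10.0.0.5'];
$samples = [
    // Direct request carrying a forged header.
    ['REMOTE_ADDR' => '203.0.113.9', 'HTTP_X_FORWARDED_FOR' => '10.1.2.3'],
    // Through our proxy; the client prepended a LAN-looking address.
    ['REMOTE_ADDR' => '10.0.0.5', 'HTTP_X_FORWARDED_FOR' => '192.168.1.1, 198.51.100.7'],
    // Through our proxy with an unparsable header.
    ['REMOTE_ADDR' => '10.0.0.5', 'HTTP_X_FORWARDED_FOR' => 'not-an-ip'],
];
foreach ($samples as $s) {
    echo client_ip($s, $trusted), "\n";
}
```

Entries to the left of the first untrusted hop are whatever the client or an upstream proxy chose to send, so they are never used for access decisions.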