Hey everyone,
Does someone know the best practice for detecting ip addresses with
php/apache for use in reporting/metrics?
I'm re-evaluating our code for detecting ips and I see it's built
towards getting a unique browser ip without regard for how easily it
can be spoofed. For example, we're using X-FORWARDED-FOR which I know
can be very easily spoofed by proxy servers so it should only be done
with trusted proxies like AOL. Does anyone know where to find a good
list of ips of trusted proxies (as well as maybe a list of known
anonymous proxy servers)?
Also, is there any reason to use HTTP_CLIENT_IP? The current code we
have looks to use that first if it's available. But I'm not exactly
sure the difference between that header and REMOTE_ADDR.
Thanks a lot,
Rob
_______________________________________________
New York PHP Community Talk Mailing List
http://lists.nyphp.org/mailman/listinfo/talk
NYPHPCon 2006 Presentations Online
http://www.nyphpcon.com
Show Your Participation in New York PHP
http://www.nyphp.org/show_participation.php
