[nycphp-talk] best practice for detecting ip
rmarscher at beaffinitive.com
Tue Mar 18 16:16:47 EDT 2008
Does someone know the best practice for detecting ip addresses with
php/apache for use in reporting/metrics?
I'm re-evaluating our code for detecting ips and I see it's built
towards getting a unique browser ip without regard for how easily it
can be spoofed. For example, we're using X-FORWARDED-FOR which I know
can be very easily spoofed by proxy servers so it should only be done
with trusted proxies like AOL. Does anyone know where to find a good
list of ips of trusted proxies (as well as maybe a list of known
anonymous proxy servers)?
Also, is there any reason to use HTTP_CLIENT_IP? The current code we
have looks to use that first if it's available. But I'm not exactly
sure the difference between that header and REMOTE_ADDR.
Thanks a lot,
More information about the talk