[nycphp-talk] best practice for detecting ip

Rob Marscher rmarscher at
Thu Mar 27 18:42:04 EDT 2008

On Mar 27, 2008, at 12:34 AM, Larry Ludwig wrote:
> On Mar 18, 2008, at 4:16 PM, Rob Marscher wrote:
>> Hey everyone,
>> Does someone know the best practice for detecting ip addresses with  
>> php/apache for use in reporting/metrics?
>> I'm re-evaluating our code for detecting ips and I see it's built  
>> towards getting a unique browser ip without regard for how easily  
>> it can be spoofed.  For example, we're using X-FORWARDED-FOR which  
>> I know can be very easily spoofed by proxy servers so it should  
>> only be done with trusted proxies like AOL.  Does anyone know where  
>> to find a good list of ips of trusted proxies (as well as maybe a  
>> list of known anonymous proxy servers)?
>> [snip]
> Yes I assuming you are partly asking this based upon the amount of  
> form spam and the amount of people using anonymous proxing.

Yeah... that and also things like unique click/impression tracking,  
identifying people creating multiple accounts on sites, etc.  Those  
links were pretty helpful.  It would be nice if there was a whitelist  
maintained of ips for trusted proxies from major ISPs as well.

More information about the talk mailing list