Jump to content


php proxy detect

  • Please log in to reply
1 reply to this topic

#1 birdie

  • Members
  • PipPipPip
  • Advanced Member
  • 65 posts
  • LocationBirmingham UK

Posted 13 May 2006 - 10:08 PM

hi, the new php 5 doesnt allow $_SERVER['HTTP_X_FORWARDED_FOR']; so i'm after your help. Does anyone know a function which either finds out if the client has a proxy or even the clients real ip?

thanks alot

#2 toplay

  • Staff Alumni
  • Advanced Member
  • 973 posts

Posted 13 May 2006 - 11:43 PM

Please indicate why you say that?

That has nothing to do with what version of PHP you're using. That gets populated if it's in the HTTP header request.

Assuming a non-anonymous proxy is used, the HTTP_X_FORWARDED_FOR header contains the IP address of the user. In the event a user is going through multiple proxies, the HTTP_X_FORWARDED_FOR header might contain multiple addresses separated by commas. The last address in the list is the original address of the user.

None of that will be accurate 100% of the time. There is no full proof way to get a user's IP address because of various reasons. Any proxy along the way might not pass on the IP address, or users can specify the HTTP_X_FORWARDED_FOR themselves. Anonymous (real anonymous!) proxy servers don't transfer the information about the IP-address of the user.

Note: You must validate the HTTP_X_FORWARDED_FOR field or it could result in XSS (cross-site scripting) or SQL injection attack, depending on how you use it.

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users