I want to store user ip address with $_SERVER[‘REMOTE_ADDR’]. From what I understand, this works perfectly until user uses proxy.
I could use in those cases $_SERVER[‘HTTP_X_FORWARDED_FOR’], but this can be faken.
So I am thinking to deny access to publish content pages for user that uses proxy. I only need to store ip of those users who publish content.
But in which cases users use proxy? I don’t want to close publish option to too many people. Is proxy used also in some public networks or companies and user even don’t know that?
Almost all web browsers run on machines that are behind some sort of router/firewall. While the router/firewall has a public IP address, the machines behind it all have private addresses. This allows a business or home to support multiple machines (ex., your notebook, your partner’s tablet, and your kid’s PC) using a single public IP address. The variable $_SERVER[‘REMOTE_ADDR’] provides your code with this public IP address. Note that the private address for each machine is not routable over the public internet nor is it available to your code.
In many cases the public IP address can be used to identify the site but not the specific machine. Many (but not all) businesses use static IP addresses so their public IP address will not change over time. But houses and some businesses have dynamic IP addresses. This means that periodically their ISP can change their public IP address.
Several years ago, I encountered an ISP that assigned public IP addresses at the edge of their network instead of assigning them to each house / subscriber. The result was that for a single user, my application saw a pair of alternating IP addresses which made tracking the user’s transactions by IP address impossible. This is why cookies were invented.