Is it safe to assume that a false comparison of SERVER_ADDR against REMOTE_ADDR results in the end-user viewing your website through some sort of proxy?
The manual states the following:
‘SERVER_ADDR’:
The IP address of the server under which the current script is executing.
‘REMOTE_ADDR’
The IP address from which the user is viewing the current page.
In my mind, they would both be servers (and not the end-user’s node IP address), but it’s just a matter of determining what server IP address you might wish to retain when logging network access information. I suppose both values could potentially be useful information, but still…
Have any of you successfully deployed an “anti-proxy” solution? I just finished testing a script that promised the world through the use of “HTTP_X_FORWARDED_FOR”, and of course, it nosedived after using it with HideMyA$$. Not unexpected.
Any light on this is appreciated. 