Is it safe to assume that a false comparison of SERVER_ADDR against REMOTE_ADDR results in the end-user viewing your website through some sort of proxy?
The manual states the following:
The IP address of the server under which the current script is executing.
The IP address from which the user is viewing the current page.
In my mind, they would both be servers (and not the end-user’s node IP address), but it’s just a matter of determining what server IP address you might wish to retain when logging network access information. I suppose both values could potentially be useful information, but still…
Have any of you successfully deployed an “anti-proxy” solution? I just finished testing a script that promised the world through the use of “HTTP_X_FORWARDED_FOR”, and of course, it nosedived after using it with HideMyA$$. Not unexpected.
Any light on this is appreciated.