Given the recent problems with a user using many different HTTP proxies
to edit Wikipedia, we should consider using the information in the
HTTP_X_FORWARDED_FOR header supported by well-behaved proxies. If _any_
address in a HTTP_X_FORWARDED_FOR header is in our IP block list, the
request should be treated as if it had come directly from a blocked address.
This works well, as the various paranoid scenarios I can think of (eg
spurious headers) only work against the interests of the user sending
the headers, or make no difference from using their own IP address.
Anonymizing/spoofing proxies will have to be dealt with one-by-one as usual.
-- Neil