Gerard Meijssen wrote:
Hoi,
A user of the nl:wikipedia who had the misfortune to be blocked on a
proxy server, mentioned that many providers send a HTTP_X_FORWARDED_FOR
header along. This she said could easily be retrieved using PHP with the
variable $_SERVER["HTTP_X_FORWARDED_FOR"]. Now when this is true, it
makes excellent sense to use this IP-adress for the registration of
contributions but also for the use of blocking specific IP numbers.
I have no idea if our software uses this or not. I thought this a great
idea so I move this remark to you in the hope that we can enhance our
software and make our anti vandal solutions more accurate.
In my experience, caching proxies from ISPs don't usually give an XFF
header. It's only a squid extension anyway, not part of the HTTP
standard. Open proxies give an XFF header maybe 50% of the time.
AOL, for example, gives no information in their HTTP headers which
identifies a user. This is a deliberate policy aimed at protecting privacy.
-- Tim Starling