Hey, You'd have to log at least both addresses, if you don't trust a forwarding proxy. Malicious user can specify same header and have other users framed. Moreover, lots of such headers would contain local ip addresses, like 192.168.0.0/24 subnet. And last, but not the least. Apaches already use this, because users don't contact software directly, but via squid proxy pool. Cheers, Domas -----Original Message----- A user of the nl:wikipedia who had the misfortune to be blocked on a proxy server, mentioned that many providers send a HTTP_X_FORWARDED_FOR header along. This she said could easily be retrieved using PHP with the variable $_SERVER["HTTP_X_FORWARDED_FOR"]. Now when this is true, it makes excellent sense to use this IP-adress for the registration of contributions but also for the use of blocking specific IP numbers.