View Full Version : Recursive function to detect IP address if forwarded by proxy server?

03-11-2009, 08:42 PM
Question about getting the user's IP address via PHP:

The code snippet below tests if the the user's IP address has been forwarded by a proxy server. If it has been forwarded, then it tries to find where it was forwarded from. Otherwise the IP address is set to the $ip variable.


I have three questions:

1- Is there a way to turn this into a recursive function in case the user is behind several proxy servers?

2- How difficult is it for users to mask their IP addresses to subvert functions like the one above?

3- Is it practical to ban users by IP address? Or are there too many loopholes and/or shared IP addresses.

Thanks in advance for your thoughts.


03-12-2009, 03:23 AM
I'm not an expert on internet architecture, but I've recently spent a lot of time investigating how to properly use proxies to secure yourself on the web, so I'm pretty sure the answers are:

1) No. You can't look back any farther than the data you already have, at least not in an automated fashion. Where the proxy got the request from is a piece of data known only to the proxy, and they don't have to tell if they don't want to.

2) Not very difficult at all. In about 10 minutes you can download a free browser (Tor Browser) that will automatically forward all your internet requests through multiple anonymous proxies, making it literally impossible for anyone to track where the request actually originated from. Even the tor network itself can't even tell you where the original request came from. If you read up on the Tor Browser and how it works, that will give you a good starting point to get more detailed answers to your questions.

3) It probably is practical to ban users by IP Address. Although there are many ways to get around an IP address ban, the vast majority of users will not know this, and so will be quite stuck when you ban their IP address. So banning an IP won't fix 100% of your problems, but it will fix 99% of them. Usually, that's good enough.

03-12-2009, 03:33 AM
Not unless you have a lot of power on the previous routers or servers. You can try a tracert but that will only list up to the last router.
Not difficult
No, ip bans are only useful for problematic users that are not computer savvy. Banning entire submasks would work, but that will cut down on a lot of potential visitors.

As for you're above, I believe REMOTE_ADDR is always available. You're code is backwards, you should test for the existance of the HTTP_X_FORWARDED_FOR value first. X_FROWARDED_FROM also includes any internal networks as well, so you need to determine that. There is also HTTP_FROM and HTTP_VIA, but I've never seen the HTTP_VIA ever set.

03-12-2009, 04:59 AM
Great info. Many thanks for the replies.

Much appreciated.