Hi all,
I have a section on my site allowing people to post comments. I currently
log the persona ipaddress using ENV{REMTE_ADDR} which works fine as long as
the person isn't using a proxy.
My problem is when people are using proxy I am just getting the ipAddress of
the proxy and I know several peoples ISPs use the same proxy therefore I
find it difficult to differentiate between which posts come from which
people.
Is there a way to get the persons actual ipaddress when they are using a
proxy. This website seems to have managed it near the bottom on their proxy
test
If this is not possible is there another way to get some individual computer
identifiable information just so I know which posts come from the same
people?
Thanks in advance
Regards
Jamie

Fri, 17 Feb 2006 03:27:03 CST, in , "Jamie" <jamie@jamieallison.co.uk>
wrote:

>I log the ipaddress using ENV{REMTE_ADDR} which works fine as long as
>the person isn't using a proxy
>
>My problem is when people are using proxy I am just getting the ipAddress of
>the proxy
>
>Is there a way to get the persons actual ipaddress when they are using a
>proxy

No

>If this is not possible is there another way to get some individual computer
>identifiable information just so I know which posts come from the same
>people?

The simplest technique is HTTP basic authentication, which sets REMTE_USER

you could use cookies

"Erika Wasser" <mumpsext@washcane.g.stwrites:

>Is there a way to get the persons actual ipaddress when they are using a
>proxy
>
No

No kidding? What ever happened to HTTP_VIA? Sheesh. I leave CGI
programming for a few years and they change everything.

Bruce Lewis wrote:

>"Erika Wasser" <mumpsext@washcane.g.stwrites:
>
>>Is there a way to get the persons actual ipaddress when they are using a
>>proxy
>>
>No
>
>No kidding? What ever happened to HTTP_VIA? Sheesh. I leave CGI
>programming for a few years and they change everything.

No, they haven't changed "everything". It has always been like that.
Have you ever heard of an "anatomising proxy"? That's precisely it: it
depends on the proxy. If a proxy doesn't say who he's fetching a web
page for, then here's no way the webserver can tell your scripts. Those
handy HTTP_* environment variables are merely translated HTTP headers,
the header field with a "HTTP_" prefix added. I've used my ISP's proxy
for years, and that one resulted in existence of a HTTP_REMTE_ADDRESS
environment variable instead (and a HTTP_REMTE_HST as well, IIRC).

So, in short: it all depends on the proxy. There is no one final way for
all.

Thanks for you help.

When i am surfing from home i go through a proxy and if i go to my site
which logs the ipaddress it logs it as the proxy ip address but if i go to
and do the proxy test it manages to show me
the proxy ipaddress and also my actual computer ipaddress. How does this
site manage to do that? Any idea?

Jamie

"Bart Lateur" <bart.lateur@pandora.bewrote in message
@4ax.com
Bruce Lewis wrote:
>
>>"Erika Wasser" <mumpsext@washcane.g.stwrites:
>>
>Is there a way to get the persons actual ipaddress when they are using
>a
>proxy

No
>>
>>No kidding? What ever happened to HTTP_VIA? Sheesh. I leave CGI
>>programming for a few years and they change everything.
>
No, they haven't changed "everything". It has always been like that.
Have you ever heard of an "anatomising proxy"? That's precisely it: it
depends on the proxy. If a proxy doesn't say who he's fetching a web
page for, then here's no way the webserver can tell your scripts. Those
handy HTTP_* environment variables are merely translated HTTP headers,
the header field with a "HTTP_" prefix added. I've used my ISP's proxy
for years, and that one resulted in existence of a HTTP_REMTE_ADDRESS
environment variable instead (and a HTTP_REMTE_HST as well, IIRC).

So, in short: it all depends on the proxy. There is no one final way for
all.

Jamie Allison wrote:
Thanks for you help.

When i am surfing from home i go through a proxy and if i go to my site
which logs the ipaddress it logs it as the proxy ip address but if i go to
and do the proxy test it manages to show me
the proxy ipaddress and also my actual computer ipaddress. How does this
site manage to do that? Any idea?

Like he said earlier it depends on the particular proxy. Try
several different ones and I'm sure you'll come up with one that will
break test.

Jamie

What you might want to do is to use cookies or some other sort of
authentification. Keep in mind though that using just cookies alone
does not identify a person, like you were trying to do. It just
identifies the computer. If the computer is at a library or school,
several people might be using it. Also, one person may use several
computers; each time he uses a different computer he is seen as a
different person when you use just cookies.

Sun, 19 Feb 2006 08:58:10 CST, in , "Jamie Allison"
<jamie@jamieallison.co.ukwrote:

Sat, 18 Feb 2006 00:22:33 +0000, in , "Erika Wasser" <mumpsext@washcane.g.stwrote:
>
>Fri, 17 Feb 2006 03:27:03 CST, in , "Jamie" <jamie@jamieallison.co.uk>
>>wrote:
>>
I log the ipaddress using ENV{REMTE_ADDR} which works fine as long as
the person isn't using a proxy

My problem is when people are using proxy I am just getting the ipAddress of
the proxy

Is there a way to get the persons actual ipaddress when they are using a
proxy
>>
>>No
>
>if i go to and do the proxy test it
>manages to show me the proxy ipaddress and also my actual computer
>ipaddress. How does this site manage to do that?

Your proxy server is sending your IP address in a non-standard HTTP request
header field. Some proxy servers do this. Some do not

The purpose of the proxy test at all-nettools.com is to demonstrate that your
proxy server may not be protecting your privacy

Your purpose is to identify the actual IP address. Non-standard HTTP request
header fields are not appropriate for your purpose because they can be forged
easily