You could, but there are multiple ways of identifying a client. The basics include IP address, user agent, operating system, cookies etc. As mentioned in the link you posted, proxy servers may be used to mask a user's ip, while this is true, the new IP isn't wrong, the connection is still coming from the proxy server. HTTP_X_FORWARDED_FOR may contain the IP of the originating client and all the proxy servers, or it may not. It is just an added piece of information that shouldn't be treated as fact.
Originally Posted by smengler
"A web server should log BOTH the request's source IP and the X-Forwarded-For header information for completeness." - Wikipedia
Last edited by Alan; 06 Feb 2010 at 04:51 PM.
“The best thing about a boolean is even if you are wrong, you are only off by a bit.”