Some proxies (including squid) include by default an
"X-Forwarded-For:" header containing the IP address of the client
machine using the proxy. If your "undesirables" are using a proxy
with this behaviour just use that address in your access controls.