Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

Detect clients with Proxy Servers via PHP [duplicate]

Tags:

php

proxy

I'm looking for a method, or a way to detect clients using any type of proxy server viewing my web site. I'm using PHP/Apache... what's the best way to do this? Any proxy server would need to be detected, not specifically one or the other.

Edit

I am more interested in the anonymous proxies... as the normal ones are easily detected by looking for HTTP_X_FORWARDED_FOR.

Another Edit

Try this:

1) go to http://kproxy.com (or any other free anonymous proxy site)

2) visit: http://www.worldofwarcraft.com

3) they are able to block somehow, as the page errors out with "Error loading stylesheet: A network error occurred loading an XSLT stylesheet:http://kproxy.com/new-hp/layout/layout.xsl"

I want to do something similar to prevent proxies.

like image 542
MichaelICE Avatar asked May 13 '09 14:05

MichaelICE


2 Answers

Use the following 2 solutions in PHP. // method 1 = quick but does not work with anonymous proxies

    $proxy_headers = array(         'HTTP_VIA',         'HTTP_X_FORWARDED_FOR',         'HTTP_FORWARDED_FOR',         'HTTP_X_FORWARDED',         'HTTP_FORWARDED',         'HTTP_CLIENT_IP',         'HTTP_FORWARDED_FOR_IP',         'VIA',         'X_FORWARDED_FOR',         'FORWARDED_FOR',         'X_FORWARDED',         'FORWARDED',         'CLIENT_IP',         'FORWARDED_FOR_IP',         'HTTP_PROXY_CONNECTION'     );     foreach($proxy_headers as $x){         if (isset($_SERVER[$x])) die("You are using a proxy!");     } 

// Method 2 = portscan back to the origin IP at the normal proxy ports used.

    $ports = array(8080,80,81,1080,6588,8000,3128,553,554,4480);     foreach($ports as $port) {          if (@fsockopen($_SERVER['REMOTE_ADDR'], $port, $errno, $errstr, 30)) {               die("You are using a proxy!");          }      } 
like image 117
X-Ray Avatar answered Sep 17 '22 15:09

X-Ray


You can't detect that unless they pass on special headers which explictly mention it like X-Forwarded-For or something.

As far as I know you have to use a blacklist. Users who use putty portforwarding, VPN or other more sophisticated methods are undetactable as they behave exactly like normal users.

like image 33
TomHastjarjanto Avatar answered Sep 20 '22 15:09

TomHastjarjanto