I'm looking for a method, or a way to detect clients using any type of proxy server viewing my web site. I'm using PHP/Apache... what's the best way to do this? Any proxy server would need to be detected, not specifically one or the other.
Edit
I am more interested in the anonymous proxies... as the normal ones are easily detected by looking for HTTP_X_FORWARDED_FOR
.
Another Edit
Try this:
1) go to http://kproxy.com (or any other free anonymous proxy site)
2) visit: http://www.worldofwarcraft.com
3) they are able to block somehow, as the page errors out with "Error loading stylesheet: A network error occurred loading an XSLT stylesheet:http://kproxy.com/new-hp/layout/layout.xsl"
I want to do something similar to prevent proxies.
Use the following 2 solutions in PHP. // method 1 = quick but does not work with anonymous proxies
$proxy_headers = array( 'HTTP_VIA', 'HTTP_X_FORWARDED_FOR', 'HTTP_FORWARDED_FOR', 'HTTP_X_FORWARDED', 'HTTP_FORWARDED', 'HTTP_CLIENT_IP', 'HTTP_FORWARDED_FOR_IP', 'VIA', 'X_FORWARDED_FOR', 'FORWARDED_FOR', 'X_FORWARDED', 'FORWARDED', 'CLIENT_IP', 'FORWARDED_FOR_IP', 'HTTP_PROXY_CONNECTION' ); foreach($proxy_headers as $x){ if (isset($_SERVER[$x])) die("You are using a proxy!"); }
// Method 2 = portscan back to the origin IP at the normal proxy ports used.
$ports = array(8080,80,81,1080,6588,8000,3128,553,554,4480); foreach($ports as $port) { if (@fsockopen($_SERVER['REMOTE_ADDR'], $port, $errno, $errstr, 30)) { die("You are using a proxy!"); } }
You can't detect that unless they pass on special headers which explictly mention it like X-Forwarded-For or something.
As far as I know you have to use a blacklist. Users who use putty portforwarding, VPN or other more sophisticated methods are undetactable as they behave exactly like normal users.
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With