Detecting Whether a User Is Behind a Proxy

Detecting whether a user is behind a proxy

TOR does not supply any server headers such as X_FORWARDED_FOR, so your best bet is to use a list of all known exit nodes. A list can be found at https://torstat.xenobite.eu/.

For other proxies, you can look at server headers. Possible server headers of interest include:

HTTP_VIA 
HTTP_X_FORWARDED_FOR
HTTP_FORWARDED_FOR
HTTP_X_FORWARDED
HTTP_FORWARDED
HTTP_CLIENT_IP
HTTP_FORWARDED_FOR_IP
VIA
X_FORWARDED_FOR
FORWARDED_FOR
X_FORWARDED
FORWARDED
CLIENT_IP
FORWARDED_FOR_IP
HTTP_PROXY_CONNECTION

In PHP, you can get the value of these fields in the $_SERVER[] superglobal.
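The two checks from the answer above, header hints read from $_SERVER and a lookup of REMOTE_ADDR in an exit-node list, written out in PHP as an added example that is not part of the original answer. The function names and the sample addresses are assumptions made for illustration; a real exit-node list would be loaded from a published source such as the one linked above.

```php
<?php
declare(strict_types=1);

// $_SERVER keys taken from the list in the answer above.
const PROXY_KEYS = [
    'HTTP_VIA', 'HTTP_X_FORWARDED_FOR', 'HTTP_FORWARDED_FOR', 'HTTP_X_FORWARDED',
    'HTTP_FORWARDED', 'HTTP_CLIENT_IP', 'HTTP_FORWARDED_FOR_IP', 'VIA',
    'X_FORWARDED_FOR', 'FORWARDED_FOR', 'X_FORWARDED', 'FORWARDED',
    'CLIENT_IP', 'FORWARDED_FOR_IP', 'HTTP_PROXY_CONNECTION',
];

// Proxy-related keys that are present and non-empty. The client controls
// these values, so treat them as hints, not as a trusted address.
function proxy_header_hints(array $server): array
{
    $present = array_intersect_key($server, array_flip(PROXY_KEYS));
    return array_filter($present, fn($v) => is_string($v) && trim($v) !== '');
}

// True if the connecting address is in the exit-node list. Comparing the
// packed form makes differently written IPv6 addresses match.
function is_listed_exit(string $remoteAddr, array $exitIps): bool
{
    $needle = @inet_pton($remoteAddr);
    if ($needle === false) {
        return false;
    }
    foreach ($exitIps as $ip) {
        if (@inet_pton(trim($ip)) === $needle) {
            return true;
        }
    }
    return false;
}

// Constructed sample data (documentation address ranges, not real exit nodes).
$exitIps = ['192.0.2.10', '2001:db8::5'];
$requests = [
    ['REMOTE_ADDR' => '192.0.2.10'],
    ['REMOTE_ADDR' => '2001:DB8:0:0:0:0:0:5'],
    ['REMOTE_ADDR' => '198.51.100.7', 'HTTP_VIA' => '1.1 cache.example',
     'HTTP_X_FORWARDED_FOR' => '203.0.113.4'],
    ['REMOTE_ADDR' => '198.51.100.8', 'HTTP_X_FORWARDED_FOR' => ''],
];
foreach ($requests as $server) {
    printf("%-22s listed=%s hints=%s\n", $server['REMOTE_ADDR'],
        is_listed_exit($server['REMOTE_ADDR'], $exitIps) ? 'yes' : 'no',
        implode(',', array_keys(proxy_header_hints($server))) ?: '-');
}
```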

Detect if user is behind a proxy server

Unless a proxy uses a special header, like X-Forwarded-For, you can't differentiate it from a normal user. As those 'black' proxies are not so naive (their purpose is to protect their users, remember), your only choice is IP blacklists - like the ones provided by Project Honeypot.

determine if user is using proxy

After searching Google for php detect http proxies I came up with the following:

http://forums.digitalpoint.com/showthread.php?t=58964

http://forums.digitalpoint.com/showthread.php?t=365467

http://www.roscripts.com/PHP_Proxy_Detector-75.html

...and quite a number of other interesting hits.

EDIT:

AFAIK there is no way to detect HTTP proxies either with absolute certainty, or safely:

  • Anonymizer services do not add the proper headers to their requests - as a matter of fact they remove some of them. You need to keep a list of the most popular anonymizer services and their IP address blocks and detect them that way. There are some lists on-line that you might be able to use, but they are far from complete - especially if you consider that most large institutions (ISPs, companies, universities etc) provide a proxy server for their users. Some even require their users to use them.

  • Many HTTP proxies are configured so that they simply forward requests without altering the headers.

  • VPN installations have the same effect as an HTTP proxy - namely allowing HTTP requests to originate from a different IP than that of the computer where the web browser is - without being one.

  • Any SSH server can be used as a SOCKS proxy by its users, which is not really detectable since it is not really an HTTP proxy.

  • There are many legitimate HTTP proxies that are not publicly accessible. For example there are HTTP proxy products that are installed in a home network and provide parental control and questionable content (pornography, phishing sites etc) filtering for the whole network.

What kind of abuse are you seeing, where detecting HTTP proxies could be useful?

How do you detect a VPN or Proxy connection?

Unfortunately, there is no proper technical way to get the information you want. You might invent some tests, but those will have a very low correlation with the reality. So either you'll not catch those you want, or you'll have a larger number of false positives. Neither can be considered to make sense.

Generating any kind of traffic backwards from an Internet server in response to an incoming client (a port scan, or even a simple ping) is generally frowned upon. Or, in the case of a port scan, it may be even worse for you, e.g. when the client lives behind a central corporate firewall, the worst of which is when the client comes from behind the central government network firewall pool...

Frankly, IP-based bans (or actually, any kind of limiting focusing on people who do not exclusively possess their public IP address: proxy servers, VPNs, NAT devices, etc) have been unrealistic for a long time, and as the IPv4 pools have been getting depleted in many parts of the world, ISPs are putting more and more clients behind large NAT pools (it's this week's news in my country that the largest ISP, a subsidiary of Deutsche Telekom, has started handing out private IPv4 addresses as a standard way of business to its customers, and people have to ask the provider explicitly to get a public IP address), so there's even less and less point in doing so. If you want to ban clients, you should ban them based on identity (account), and not based on IP address.

Are there any php functions/libs/etc to detect if a user is behind a proxy or not?

Many legitimate users will come to you through proxies - are you sure you want to filter all of them out? For example:

  • ISPs that run caching proxies for all their users
  • People on corporate networks

To answer your question, checking for the X-Forwarded-For or Via headers is probably your best bet.


