determine if user is using proxy
After searching Google for php detect http proxies
I came up with the following:
http://forums.digitalpoint.com/showthread.php?t=58964
http://forums.digitalpoint.com/showthread.php?t=365467
http://www.roscripts.com/PHP_Proxy_Detector-75.html
...and quite a number of other interesting hits.
EDIT:
AFAIK there is no way to detect HTTP proxies either with absolute certainty, or safely:
Anonymizer services do not add the proper headers to their requests - as a matter of fact they remove some of them. You need to keep a list of the most popular anonymizer services and their IP address blocks and detect them that way. There are some lists on-line that you might be able to use, but they are far from complete - especially if you consider that most large institutions (ISPs, companies, universities etc) provide a proxy server for their users. Some even require their users to use them.
Many HTTP proxies are configured so that they simply forward requests without altering the headers.
VPN installations have the same effect as an HTTP proxy - namely allowing HTTP requests to originate from a different IP than that of the computer where the web broswer is - without being one.
Any SSH server can be used as a SOCKS proxy by its users, which is not really detectable since it is not really an HTTP proxy.
There are many legitimate HTTP proxies that are not publically accessible. For example there are HTTP proxy products that are installed in a home network and provide parental control and questionable content (pornography, phishing sites etc) filtering for the whole network.
Detect if user is behind a proxy server
Unless a proxy uses special header, like X-Forwarded-For
, you can't differentiate it from a normal user. As those 'black' proxies are not so naive (their purpose is to protect their users, remember), your only choice are IP blacklists - like the ones provided by Project Honeypot.
Detecting whether a user is behind a proxy
TOR does not supply any server headers such as X_FORWARDED_FOR, so your best bet is to use a list of all known exit nodes. A list can be found at https://torstat.xenobite.eu/.
For other proxies, you can look at server headers. Possible server headers of interest include:
HTTP_VIA
HTTP_X_FORWARDED_FOR
HTTP_FORWARDED_FOR
HTTP_X_FORWARDED
HTTP_FORWARDED
HTTP_CLIENT_IP
HTTP_FORWARDED_FOR_IP
VIA
X_FORWARDED_FOR
FORWARDED_FOR
X_FORWARDED FORWARDED
CLIENT_IP
FORWARDED_FOR_IP
HTTP_PROXY_CONNECTION
In PHP, you can get the value of these fields in the $_SERVER[] superglobal
. How to know if a user is using a proxy?
No, but if it is for caching purposes you can control the caching of proxies pretty efficiently using the http protocol headers.
How do you detect a VPN or Proxy connection?
Unfortunately, there's is no proper technical way to get the information you want. You might invent some tests, but those will have a very low correlation with the reality. So either you'll not catch those you want, or you'll have a larger number of false positives. Neither can be considered to make sense.
Generating any kind of traffic backwards from an Internet server in response to an incoming client (a port scan, or even a simple ping) is generally frowned upon. Or, in the case of a port scan, it may be even worse for you, eg when the client lives behind a central corporate firewall, the worst of which is when the client comes from behind the central government network firewall pool...
Frankly, IP-based bans (or actually, any kind of limiting focusing on people who do not exclusively possess their public IP address: proxy servers, VPNs, NAT devices, etc) have been unrealistic for a long time, and as the IPv4 pools have been getting depleted in many parts of the world, ISPs are putting more and more clients behind large NAT pools (it's this week's news in my country that the largest ISP, a subsidiary of Deutsche Telekom, has started handing out private IPv4 addresses as a standard way of business to its customers, and people have to ask the provider explicitly to get a public IP address), so there's even less and less point in doing so. If you want to ban clients, you should ban them based on identity (account), and not based on IP address.
How to detect the presence of a HTTP proxy in Node.js?
If it's Charles Proxy or Fiddler, they run on the local machine and the interception is transparent - so neither the IP changes, nor do they add an HTTP header to disclose that they are present. As these tools are used in security tests it would be detrimental for them to announce their presence as the software under test could detect them and behave differently.
Normal web proxies like Squid or load balancer setups should add one of the following HTTP headers, though:
Via
for exampleVia: 1.1 vegur
X-Forwarded-For
for exampleX-Forwarded-For: 192.168.1.10
Related Topics
Notice: Ob_End_Flush(): Failed to Send Buffer of Zlib Output Compression (1) In
How to Refresh Select2 Dropdown Menu After Ajax Loading Different Content
How to Use Laravel Passport with a Custom Username Column
PHP Fatal Error: Call to Undefined Function Imagettftext()
Selenium2 Firefox: Use the Default Profile
How to Remove Exif from a Jpg Without Losing Image Quality
Pass Array to Where in Codeigniter Active Record
What Sort Algorithm Does PHP Use
PHP to Check If a Url Contains a Query String
How to Call a Static Method on a Variable Class
How to Get the Root Url of the Site
Optimizing MySQL Fulltext Search
Converting PHP Array of Arrays into Single Array
PHP Curl: Curlopt_Connecttimeout VS Curlopt_Timeout
How to Remove All Dtddwrappers and Labels on Zend Form Elements
Why a Full Stop, "." and Not a Plus Symbol, "+", for String Concatenation in PHP