I want to write a PHP script which refuses all anonymous proxies! Can anyone help me?
(to prevent people from reaching my site through an anonymous proxy)
a security of PHP
twigletmac wrote: First you've got to work out how you determine that the user is coming in through a proxy.
Mac
I have thought about $_SERVER['X_FORWARDED_FOR'] and $_SERVER['X_FORWARDED_FOR'].
If these variables exist, it means the visitor has used a proxy. But I am not satisfied with my solution, so I am asking people here if there are other, better solutions.
It is going to be difficult to determine if somebody is coming from a proxy or not on the Internet. Basically, as far as security goes, you should trust nobody all the time and you will have the most success with that.
If you are planning on blocking everybody that is behind an anonymous proxy, you will be blocking almost all CORPORATE users; since almost all corporations/organizations go through some form of a proxy at some point.
Sorry if this is useless information -- Maybe it would help if I knew why you want to ensure that a user is not behind a proxy.
Cheers
..it would block 100% of the AOL users, they use transparent proxy services.. There is no way to block such unless the proxy adds HTTP headers that indicate it..
I believe he might be thinking more in terms of illegal use of unprotected proxies, bouncers and SOCKS servers that hackers use to hide their identity. It's impossible to block it all, but the only way to test is to have your server run a test against the connecting hosts on many well-known ports.. Very unusual for web servers to do so, but very common for IRC servers and such..
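The header check discussed in this thread, as an added example (not code from any poster). PHP exposes request headers in $_SERVER with an HTTP_ prefix, so the keys checked are HTTP_X_FORWARDED_FOR, HTTP_VIA and similar. The sample requests are constructed; they show that the check flags the corporate proxy user, while a proxy that strips its headers looks identical to a direct visitor.

```php
<?php
// Request headers that forwarding proxies commonly add, as PHP exposes them
// in $_SERVER (name upper-cased, dashes to underscores, HTTP_ prefix).
const PROXY_HEADERS = ['HTTP_VIA', 'HTTP_X_FORWARDED_FOR', 'HTTP_FORWARDED', 'HTTP_CLIENT_IP'];

// Return the proxy-related headers present in a request, keyed by $_SERVER name.
// Every value here comes from the client side and can be forged or omitted.
function proxy_indicators(array $server): array
{
    $found = [];
    foreach (PROXY_HEADERS as $key) {
        if (isset($server[$key]) && trim($server[$key]) !== '') {
            $found[$key] = trim($server[$key]);
        }
    }
    return $found;
}

// Split X-Forwarded-For into its syntactically valid IP addresses.
function forwarded_chain(array $server): array
{
    $raw = $server['HTTP_X_FORWARDED_FOR'] ?? '';
    $ips = array_map('trim', explode(',', $raw));
    return array_values(array_filter($ips, fn($ip) => filter_var($ip, FILTER_VALIDATE_IP) !== false));
}

// Constructed sample requests (documentation address ranges, not real hosts).
$samples = [
    'direct visitor'                => ['REMOTE_ADDR' => '198.51.100.7'],
    'corporate proxy'               => ['REMOTE_ADDR' => '203.0.113.10', 'HTTP_VIA' => '1.1 proxy.example',
                                        'HTTP_X_FORWARDED_FOR' => '10.1.2.3'],
    'header-stripping proxy'        => ['REMOTE_ADDR' => '203.0.113.99'],
    'direct visitor, forged header' => ['REMOTE_ADDR' => '198.51.100.8',
                                        'HTTP_X_FORWARDED_FOR' => 'not-an-ip, 192.0.2.55'],
];

foreach ($samples as $label => $server) {
    $hits = proxy_indicators($server);
    // REMOTE_ADDR is the only address the server observes for itself.
    printf("%-30s peer=%-14s declared=%s chain=[%s]\n",
        $label,
        $server['REMOTE_ADDR'],
        $hits ? implode(',', array_keys($hits)) : 'none',
        implode(', ', forwarded_chain($server)));
}
```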