a security of PHP

PHP programming forum. Ask questions or help people concerning PHP code. Don't understand a function? Need help implementing a class? Don't understand a class? Here is where to ask. Remember to do your homework!

Moderator: General Moderators

Post Reply
recherche
Forum Newbie
Posts: 3
Joined: Fri Jul 11, 2003 2:15 pm

a security of PHP

Post by recherche »

I want to write a script PHP which refuse all proxy anonyme! anyone can help me!
(to avoid people go to my site by proxy anonyme)
User avatar
twigletmac
Her Royal Site Adminness
Posts: 5371
Joined: Tue Apr 23, 2002 2:21 am
Location: Essex, UK

Post by twigletmac »

First you've got to work out how you determine that the user is coming in through a proxy.

Mac
recherche
Forum Newbie
Posts: 3
Joined: Fri Jul 11, 2003 2:15 pm

Post by recherche »

twigletmac wrote:First you've got to work out how you determine that the user is coming in through a proxy.

Mac
I have thought of about
$_SERVER['X_FORWARDED_FOR'] et $_SERVER['X_FORWARDED_FOR']
if these variable exist it means the vistor have used proxy. But I am not satifait with my solution so I ask people here, if there are the another better solutions.
User avatar
Slippy
Forum Contributor
Posts: 113
Joined: Sat Jul 12, 2003 11:31 pm
Location: Vancouver eh!

Post by Slippy »

It is going to be difficult to determine if somebody is coming from a proxy or not on the Internet. Basically, as far as security goes, you should trust nobody all the time and you will have the most success with that.

If you are planning on blocking everybody that is behind an anonymous proxy, you will be blocking almost all CORPORATE users; since almost all corporations/organizations go through some form of a proxy at some point.

Sorry if this is useless information -- Maybe it would help if I knew why you want to ensure that a user is not behind a proxy.

Cheers
User avatar
Stoker
Forum Regular
Posts: 782
Joined: Thu Jan 23, 2003 9:45 pm
Location: SWNY
Contact:

Post by Stoker »

..it would block 100% of the AOL users, they use transparent proxy services.. There is no way to block such unless the proxy adds http headers that indicates it..

I belive he might think more in the terms of illegal use of unprotected proxies, bouncers and socks servers that hackers will use to hide identity, its impossible to block it all, but the only way to test is to have your server do a test towards the connecting hosts on many well known ports.. Very unusual for web servers to do so, but very common for IRC servers and such..
recherche
Forum Newbie
Posts: 3
Joined: Fri Jul 11, 2003 2:15 pm

Post by recherche »

I have thought much about how to find out a person who used proxy come to my site. It is impossible to identify a person behind a proxy, now I want to decover more about that is there a solution to prevent a hacker who use proxy to attack siteweb.
Post Reply