Page 1 of 1
a security of PHP
Posted: Fri Jul 11, 2003 2:15 pm
by recherche
I want to write a script PHP which refuse all proxy anonyme! anyone can help me!
(to avoid people go to my site by proxy anonyme)
Posted: Sat Jul 12, 2003 3:17 pm
by twigletmac
First you've got to work out how you determine that the user is coming in through a proxy.
Mac
Posted: Sun Jul 13, 2003 9:10 am
by recherche
twigletmac wrote:First you've got to work out how you determine that the user is coming in through a proxy.
Mac
I have thought of about
$_SERVER['X_FORWARDED_FOR'] et $_SERVER['X_FORWARDED_FOR']
if these variable exist it means the vistor have used proxy. But I am not satifait with my solution so I ask people here, if there are the another better solutions.
Posted: Sun Jul 13, 2003 3:39 pm
by Slippy
It is going to be difficult to determine if somebody is coming from a proxy or not on the Internet. Basically, as far as security goes, you should trust nobody all the time and you will have the most success with that.
If you are planning on blocking everybody that is behind an anonymous proxy, you will be blocking almost all CORPORATE users; since almost all corporations/organizations go through some form of a proxy at some point.
Sorry if this is useless information -- Maybe it would help if I knew why you want to ensure that a user is not behind a proxy.
Cheers
Posted: Sun Jul 13, 2003 6:35 pm
by Stoker
..it would block 100% of the AOL users, they use transparent proxy services.. There is no way to block such unless the proxy adds http headers that indicates it..
I belive he might think more in the terms of illegal use of unprotected proxies, bouncers and socks servers that hackers will use to hide identity, its impossible to block it all, but the only way to test is to have your server do a test towards the connecting hosts on many well known ports.. Very unusual for web servers to do so, but very common for IRC servers and such..
Posted: Mon Jul 14, 2003 8:11 am
by recherche
I have thought much about how to find out a person who used proxy come to my site. It is impossible to identify a person behind a proxy, now I want to decover more about that is there a solution to prevent a hacker who use proxy to attack siteweb.