Blocking proxy users?

PHP programming forum. Ask questions or help people concerning PHP code. Don't understand a function? Need help implementing a class? Don't understand a class? Here is where to ask. Remember to do your homework!

Moderator: General Moderators

Post Reply
fingers
Forum Newbie
Posts: 5
Joined: Tue Dec 01, 2009 4:32 pm

Blocking proxy users?

Post by fingers »

Hi

I have exhausted the Internet for a effective blocking system. I want to block proxy users.

I have tried;

htaccess

RewriteEngine on
RewriteCond %{HTTP:FORWARDED} !^$ [OR]
RewriteCond %{HTTP:X_FORWARDED_FOR} !^$ [OR]
RewriteCond %{HTTP:VIA} !^$ [OR]
RewriteCond %{HTTP:USERAGENT_VIA} !^$ [OR]
RewriteCond %{HTTP:PROXY_CONNECTION} !^$ [OR]
RewriteCond %{HTTP:XROXY_CONNECTION} !^$ [OR]
RewriteCond %{HTTP:HTTP_PC_REMOTE_ADDR} !^$ [OR]
RewriteCond %{HTTP:HTTP_CLIENT_IP} !^$
RewriteRule .* - [F]



Does not work!

PHP

if (
$_SERVER['HTTP_X_FORWARDED_FOR'] ||
$_SERVER['HTTP_X_FORWARDED'] ||
$_SERVER['HTTP_FORWARDED_FOR'] ||
$_SERVER['HTTP_CLIENT_IP'] ||
$_SERVER['HTTP_VIA'] ||
in_array($_SERVER['REMOTE_PORT'], array(8080,80,6588,8000,3128,553,554)) ||
@fsockopen($_SERVER['REMOTE_ADDR'], 80, $errno, $errstr, 30))
{
exit('Proxy detected');
}

else


Works, but when not coming from a proxy it loads the page very very slow.

I have a linux server, does anyone have any suggestions please?

Thanks.
User avatar
John Cartwright
Site Admin
Posts: 11470
Joined: Tue Dec 23, 2003 2:10 am
Location: Toronto
Contact:

Re: Blocking proxy users?

Post by John Cartwright »

You are fighting a war that cannot be won. Transparent proxies are undetectable, and it is up to the proxy to display information of whether it is a proxy connection or not.

However, the reason why your script is running slow is because you are attempting to open a connection with the connecting IP address on port 80 with a timeout of 30 seconds. 99.99% of the time this will result in the 30 second timeout triggering because the rarely will this connection be successful. Basically, this is not a good idea.

Your best bet is to sign up with a service that specializes in collecting the IP ranges of known proxies, and check if the IP exists in such a database.
fingers
Forum Newbie
Posts: 5
Joined: Tue Dec 01, 2009 4:32 pm

Re: Blocking proxy users?

Post by fingers »

were can i find this service ? As i cant seam to find it using google.
User avatar
John Cartwright
Site Admin
Posts: 11470
Joined: Tue Dec 23, 2003 2:10 am
Location: Toronto
Contact:

Re: Blocking proxy users?

Post by John Cartwright »

I don't know any off hand, however, it's quite simple to develop a scraper to search the internet for *working* public proxies. (which we did quite successfully for another project).

I do know such services exist, but I wasn't able to locate any either after a quick google.
fingers
Forum Newbie
Posts: 5
Joined: Tue Dec 01, 2009 4:32 pm

Re: Blocking proxy users?

Post by fingers »

mmm, this is a big problem for many websites so how is it there seems to be no clear solution.? I wonder if i am missing something?
User avatar
John Cartwright
Site Admin
Posts: 11470
Joined: Tue Dec 23, 2003 2:10 am
Location: Toronto
Contact:

Re: Blocking proxy users?

Post by John Cartwright »

fingers wrote:mmm, this is a big problem for many websites so how is it there seems to be no clear solution.? I wonder if i am missing something?
No, you are not missing anything, but you have to understand the nature of a proxy. By design, their are meant to disguise the user's identity, and often enough, their own identity. It is 100% up to the proxy to signify if the client connection has been proxied or if the proxy is completely transparent.

There is no magical way to detect such a thing.
User avatar
Apollo
Forum Regular
Posts: 794
Joined: Wed Apr 30, 2008 2:34 am

Re: Blocking proxy users?

Post by Apollo »

As mentioned already, most proxies do NOT reveal any information like PROXY_CONNECTION, X_FORWARDED_FOR, etc, because their very purpose is to hide the fact that they're hiding someone else.
fingers wrote:were can i find this service ? As i cant seam to find it using google.
For example: http://www.ip2proxy.com/

But remember that even such paid services are not 100% proxy proof. There are always new proxies appearing, or other anonymity services (such as TOR), which can by definition of their purpose, not be recognized as such.
fingers
Forum Newbie
Posts: 5
Joined: Tue Dec 01, 2009 4:32 pm

Re: Blocking proxy users?

Post by fingers »

This is the best I have got so far;

<?php
if(@fsockopen($_SERVER['REMOTE_ADDR'], 80, $errorstring, $errno, 1))
{
header("location:http://www.404page.php");
}
?>

Seems to work with nearly all proxies I have found, not all but a great deal, this remains undetected however megaproxy.com/freesurf/.

It is very fast when there is no proxy so I feel this is quite a good stop gap, better than nothing anyhow. ip2proxy.com is a better option but the cost they want is a little over the top I feel for our problem at the mo.
User avatar
Apollo
Forum Regular
Posts: 794
Joined: Wed Apr 30, 2008 2:34 am

Re: Blocking proxy users?

Post by Apollo »

Then again, is it really that big a problem that people can visit you anonymously?
fingers
Forum Newbie
Posts: 5
Joined: Tue Dec 01, 2009 4:32 pm

Re: Blocking proxy users?

Post by fingers »

Very true, but it goes a little way to reducing the pond scum activity we do not want.

The best proxy services that will get through are NOT free and this filters out quite a big % of the passing scum.

ip2proxy.com is VERY expensive and I have no doubt there are much cheeper systems to do the same,

the search continues.
Post Reply