Blocking proxy users?
Moderator: General Moderators
Blocking proxy users?
Hi
I have exhausted the Internet for a effective blocking system. I want to block proxy users.
I have tried;
htaccess
RewriteEngine on
RewriteCond %{HTTP:FORWARDED} !^$ [OR]
RewriteCond %{HTTP:X_FORWARDED_FOR} !^$ [OR]
RewriteCond %{HTTP:VIA} !^$ [OR]
RewriteCond %{HTTP:USERAGENT_VIA} !^$ [OR]
RewriteCond %{HTTP:PROXY_CONNECTION} !^$ [OR]
RewriteCond %{HTTP:XROXY_CONNECTION} !^$ [OR]
RewriteCond %{HTTP:HTTP_PC_REMOTE_ADDR} !^$ [OR]
RewriteCond %{HTTP:HTTP_CLIENT_IP} !^$
RewriteRule .* - [F]
Does not work!
PHP
if (
$_SERVER['HTTP_X_FORWARDED_FOR'] ||
$_SERVER['HTTP_X_FORWARDED'] ||
$_SERVER['HTTP_FORWARDED_FOR'] ||
$_SERVER['HTTP_CLIENT_IP'] ||
$_SERVER['HTTP_VIA'] ||
in_array($_SERVER['REMOTE_PORT'], array(8080,80,6588,8000,3128,553,554)) ||
@fsockopen($_SERVER['REMOTE_ADDR'], 80, $errno, $errstr, 30))
{
exit('Proxy detected');
}
else
Works, but when not coming from a proxy it loads the page very very slow.
I have a linux server, does anyone have any suggestions please?
Thanks.
I have exhausted the Internet for a effective blocking system. I want to block proxy users.
I have tried;
htaccess
RewriteEngine on
RewriteCond %{HTTP:FORWARDED} !^$ [OR]
RewriteCond %{HTTP:X_FORWARDED_FOR} !^$ [OR]
RewriteCond %{HTTP:VIA} !^$ [OR]
RewriteCond %{HTTP:USERAGENT_VIA} !^$ [OR]
RewriteCond %{HTTP:PROXY_CONNECTION} !^$ [OR]
RewriteCond %{HTTP:XROXY_CONNECTION} !^$ [OR]
RewriteCond %{HTTP:HTTP_PC_REMOTE_ADDR} !^$ [OR]
RewriteCond %{HTTP:HTTP_CLIENT_IP} !^$
RewriteRule .* - [F]
Does not work!
PHP
if (
$_SERVER['HTTP_X_FORWARDED_FOR'] ||
$_SERVER['HTTP_X_FORWARDED'] ||
$_SERVER['HTTP_FORWARDED_FOR'] ||
$_SERVER['HTTP_CLIENT_IP'] ||
$_SERVER['HTTP_VIA'] ||
in_array($_SERVER['REMOTE_PORT'], array(8080,80,6588,8000,3128,553,554)) ||
@fsockopen($_SERVER['REMOTE_ADDR'], 80, $errno, $errstr, 30))
{
exit('Proxy detected');
}
else
Works, but when not coming from a proxy it loads the page very very slow.
I have a linux server, does anyone have any suggestions please?
Thanks.
- John Cartwright
- Site Admin
- Posts: 11470
- Joined: Tue Dec 23, 2003 2:10 am
- Location: Toronto
- Contact:
Re: Blocking proxy users?
You are fighting a war that cannot be won. Transparent proxies are undetectable, and it is up to the proxy to display information of whether it is a proxy connection or not.
However, the reason why your script is running slow is because you are attempting to open a connection with the connecting IP address on port 80 with a timeout of 30 seconds. 99.99% of the time this will result in the 30 second timeout triggering because the rarely will this connection be successful. Basically, this is not a good idea.
Your best bet is to sign up with a service that specializes in collecting the IP ranges of known proxies, and check if the IP exists in such a database.
However, the reason why your script is running slow is because you are attempting to open a connection with the connecting IP address on port 80 with a timeout of 30 seconds. 99.99% of the time this will result in the 30 second timeout triggering because the rarely will this connection be successful. Basically, this is not a good idea.
Your best bet is to sign up with a service that specializes in collecting the IP ranges of known proxies, and check if the IP exists in such a database.
Re: Blocking proxy users?
were can i find this service ? As i cant seam to find it using google.
- John Cartwright
- Site Admin
- Posts: 11470
- Joined: Tue Dec 23, 2003 2:10 am
- Location: Toronto
- Contact:
Re: Blocking proxy users?
I don't know any off hand, however, it's quite simple to develop a scraper to search the internet for *working* public proxies. (which we did quite successfully for another project).
I do know such services exist, but I wasn't able to locate any either after a quick google.
I do know such services exist, but I wasn't able to locate any either after a quick google.
Re: Blocking proxy users?
mmm, this is a big problem for many websites so how is it there seems to be no clear solution.? I wonder if i am missing something?
- John Cartwright
- Site Admin
- Posts: 11470
- Joined: Tue Dec 23, 2003 2:10 am
- Location: Toronto
- Contact:
Re: Blocking proxy users?
No, you are not missing anything, but you have to understand the nature of a proxy. By design, their are meant to disguise the user's identity, and often enough, their own identity. It is 100% up to the proxy to signify if the client connection has been proxied or if the proxy is completely transparent.fingers wrote:mmm, this is a big problem for many websites so how is it there seems to be no clear solution.? I wonder if i am missing something?
There is no magical way to detect such a thing.
Re: Blocking proxy users?
As mentioned already, most proxies do NOT reveal any information like PROXY_CONNECTION, X_FORWARDED_FOR, etc, because their very purpose is to hide the fact that they're hiding someone else.
But remember that even such paid services are not 100% proxy proof. There are always new proxies appearing, or other anonymity services (such as TOR), which can by definition of their purpose, not be recognized as such.
For example: http://www.ip2proxy.com/fingers wrote:were can i find this service ? As i cant seam to find it using google.
But remember that even such paid services are not 100% proxy proof. There are always new proxies appearing, or other anonymity services (such as TOR), which can by definition of their purpose, not be recognized as such.
Re: Blocking proxy users?
This is the best I have got so far;
<?php
if(@fsockopen($_SERVER['REMOTE_ADDR'], 80, $errorstring, $errno, 1))
{
header("location:http://www.404page.php");
}
?>
Seems to work with nearly all proxies I have found, not all but a great deal, this remains undetected however megaproxy.com/freesurf/.
It is very fast when there is no proxy so I feel this is quite a good stop gap, better than nothing anyhow. ip2proxy.com is a better option but the cost they want is a little over the top I feel for our problem at the mo.
<?php
if(@fsockopen($_SERVER['REMOTE_ADDR'], 80, $errorstring, $errno, 1))
{
header("location:http://www.404page.php");
}
?>
Seems to work with nearly all proxies I have found, not all but a great deal, this remains undetected however megaproxy.com/freesurf/.
It is very fast when there is no proxy so I feel this is quite a good stop gap, better than nothing anyhow. ip2proxy.com is a better option but the cost they want is a little over the top I feel for our problem at the mo.
Re: Blocking proxy users?
Then again, is it really that big a problem that people can visit you anonymously?
Re: Blocking proxy users?
Very true, but it goes a little way to reducing the pond scum activity we do not want.
The best proxy services that will get through are NOT free and this filters out quite a big % of the passing scum.
ip2proxy.com is VERY expensive and I have no doubt there are much cheeper systems to do the same,
the search continues.
The best proxy services that will get through are NOT free and this filters out quite a big % of the passing scum.
ip2proxy.com is VERY expensive and I have no doubt there are much cheeper systems to do the same,
the search continues.