Detect clients with Proxy Servers via PHP

Use the following 2 solutions in PHP.

Method 1: quick but does not work with anonymous proxies

// $_SERVER keys that are typically set when a proxy forwards the request.
$proxy_headers = array(
    'HTTP_VIA',
    'HTTP_X_FORWARDED_FOR',
    'HTTP_FORWARDED_FOR',
    'HTTP_X_FORWARDED',
    'HTTP_FORWARDED',
    'HTTP_CLIENT_IP',
    'HTTP_FORWARDED_FOR_IP',
    'VIA',
    'X_FORWARDED_FOR',
    'FORWARDED_FOR',
    'X_FORWARDED',
    'FORWARDED',
    'CLIENT_IP',
    'FORWARDED_FOR_IP',
    'HTTP_PROXY_CONNECTION'
);
// Stop at the first proxy-related key found in the request environment.
foreach ($proxy_headers as $x) {
    if (isset($_SERVER[$x])) die("You are using a proxy!");
}

Method 2: portscan back to the origin IP at the normal proxy ports used.

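// Ports commonly used by proxy servers.
$ports = array(8080,80,81,1080,6588,8000,3128,553,554,4480);
foreach ($ports as $port) {
    // Try to connect back to the client address; each attempt can block for up to 30 seconds.
    if (@fsockopen($_SERVER['REMOTE_ADDR'], $port, $errno, $errstr, 30)) {
        die("You are using a proxy!");
    }
}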
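
Added example, not part of the answer above: instead of stopping at the first header, this sketch parses the forwarding headers from Method 1 into an address chain and keeps anything that is not a valid IP separately. The function name `proxy_hints()` and the sample request are hypothetical.

```php
<?php
// Added illustration; proxy_hints() and the sample request are hypothetical.
// Every header read here is client-supplied: it can be forged or left out,
// so treat the result as a hint for logging or scoring, never as proof.
function proxy_hints(array $server): array
{
    $hints = ['headers' => [], 'chain' => [], 'invalid' => []];

    // PHP exposes request headers as HTTP_* keys in $_SERVER.
    foreach (['HTTP_VIA', 'HTTP_X_FORWARDED_FOR', 'HTTP_FORWARDED', 'HTTP_CLIENT_IP'] as $key) {
        if (($server[$key] ?? '') !== '') {
            $hints['headers'][] = $key;
        }
    }

    // X-Forwarded-For: comma-separated list, original client first.
    $candidates = isset($server['HTTP_X_FORWARDED_FOR'])
        ? explode(',', $server['HTTP_X_FORWARDED_FOR']) : [];

    // Forwarded (RFC 7239): for=192.0.2.60;proto=http, for="[2001:db8::1]:4711"
    if (isset($server['HTTP_FORWARDED'])
        && preg_match_all('/\bfor=("?)([^";,]+)\1/i', $server['HTTP_FORWARDED'], $m)) {
        $candidates = array_merge($candidates, $m[2]);
    }

    foreach ($candidates as $raw) {
        $ip = trim($raw);
        // Strip [brackets] and :port so filter_var() sees a bare address.
        if (preg_match('/^\[([^\]]+)\](?::\d+)?$/', $ip, $v6)) {
            $ip = $v6[1];
        } elseif (preg_match('/^(\d{1,3}(?:\.\d{1,3}){3}):\d+$/', $ip, $v4)) {
            $ip = $v4[1];
        }
        if (filter_var($ip, FILTER_VALIDATE_IP) !== false) {
            $hints['chain'][] = $ip;
        } else {
            $hints['invalid'][] = $ip; // "unknown", obfuscated tokens, junk
        }
    }
    return $hints;
}

// Constructed sample (documentation address ranges), not captured traffic.
$sample = [
    'REMOTE_ADDR'          => '203.0.113.9',
    'HTTP_VIA'             => '1.1 cache.example',
    'HTTP_X_FORWARDED_FOR' => '198.51.100.7, unknown',
    'HTTP_FORWARDED'       => 'for="[2001:db8::1]:4711";proto=https',
];
print_r(proxy_hints($sample));
```

Use the parsed chain for access decisions only when `REMOTE_ADDR` is a reverse proxy you operate; otherwise log it alongside `REMOTE_ADDR`.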

You can't detect that unless they pass on special headers which explicitly mention it, like X-Forwarded-For or something.

As far as I know you have to use a blacklist. Users who use PuTTY port forwarding, VPN or other more sophisticated methods are undetectable as they behave exactly like normal users.


Metasploit uses lots of different techniques to force the client's system to make a direct connection (vulnerabilities/misfeatures in Flash, Java, QuickTime, MS Office, custom DNS server).

Alternatively, if you can't get the client's browser to launch Metasploit, you could try to look for open proxies (port scanning) and known Tor exit nodes.

But please don't assume that proxies are evil and need to be blocked – there are plenty of legitimate proxies and some users have to use them.

If you have trouble with spam or other abusive traffic, then just blocking proxies won't help much. You should look for specific solutions that address the core of the problem (spam filters, IDS) rather than assuming anonymous = guilty.
