determine if user is using proxy


After searching Google for php detect http proxies I came up with the following:

http://forums.digitalpoint.com/showthread.php?t=58964

http://forums.digitalpoint.com/showthread.php?t=365467

http://www.roscripts.com/PHP_Proxy_Detector-75.html

...and quite a number of other interesting hits.

EDIT:

AFAIK there is no way to detect HTTP proxies either with absolute certainty, or safely:

  • Anonymizer services do not add the proper headers to their requests - as a matter of fact they remove some of them. You need to keep a list of the most popular anonymizer services and their IP address blocks and detect them that way. There are some lists on-line that you might be able to use, but they are far from complete - especially if you consider that most large institutions (ISPs, companies, universities etc) provide a proxy server for their users. Some even require their users to use them.

  • Many HTTP proxies are configured so that they simply forward requests without altering the headers.

  • VPN installations have the same effect as an HTTP proxy - namely allowing HTTP requests to originate from a different IP than that of the computer where the web browser is - without being one.

  • Any SSH server can be used as a SOCKS proxy by its users, which is not really detectable since it is not really an HTTP proxy.

  • There are many legitimate HTTP proxies that are not publicly accessible. For example there are HTTP proxy products that are installed in a home network and provide parental control and questionable content (pornography, phishing sites etc) filtering for the whole network.

What kind of abuse are you seeing, where detecting HTTP proxies could be useful?

Author by

jefffan24

Currently work at BounceX as a Software Engineer.

Updated on July 09, 2022

Comments

  • jefffan24
    jefffan24 almost 2 years

    Hi, I'm creating a game and I would like to be able to tell if a user is using a proxy. If they are, then it basically puts a flag on their account. I can make it do the flag and all but I'm not exactly sure how to tell if a user is using a proxy. I've seen you can use headers but I'm not exactly sure which to look for and how you would check if a user "has" a header (besides the normal http_referrer and what not).

    Any help is greatly appreciated.

    Edit

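    // !empty() keeps the same truth test but avoids "undefined index"
    // notices when a header is absent from the request.
    if ( !empty($_SERVER['HTTP_X_FORWARDED_FOR'])
    || !empty($_SERVER['HTTP_X_FORWARDED'])
    || !empty($_SERVER['HTTP_FORWARDED_FOR'])
    || !empty($_SERVER['HTTP_CLIENT_IP'])
    || !empty($_SERVER['HTTP_VIA'])
    || in_array($_SERVER['REMOTE_PORT'], array(8080,80,6588,8000,3128,553,554))
    || @fsockopen($_SERVER['REMOTE_ADDR'], 80, $errno, $errstr, 30)) // 30 = connect timeout in seconds
    {
         exit('Proxy detected');
    }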
    

    So this code mostly works, when the user is a proxy it quickly exits. But when they aren't it takes forever to load (about 10 seconds). Is there any way to use this script but make it work faster?

    EDIT 2

    Changed the timeout on fsockopen from 30 to 1 and it works much quicker and is still working. Thanks for the suggestions everyone :)

  • jefffan24
    jefffan24 over 13 years
    It's more of another way to check if the user is cheating. We have a few checks in place but really the only way to cheat in my game is to have 2 or more accounts controlled by one person in the same "group/company/alliance". Other than that there isn't really any reason to cheat. So by checking if they are using a proxy, it was basically a way to back them in a corner and ask them why they are cheating. Something else for them to prove. Look above for an edit on the best script I found and why it isn't working for me.
  • jefffan24
    jefffan24 over 13 years
    well scratch that, I just changed the timeout on the script above and it worked. That script seems to be working, it blocked vtunnel.com and hidemyass.com
  • thkala
    thkala over 13 years
    I am not a PHP programmer, but unless I am mistaken your script attempts to open a connection at port 80 of the remote host. If that port is blocked by a firewall (the norm for home users) and the packet is dropped instead of rejected your script will have to wait until the connection times out. I would remove that check outright - it's not really useful since many proxies don't use port 80 anyway, and it also catches home users that have an open web server at home.
  • jefffan24
    jefffan24 over 13 years
    That seems to be the thing that is catching most proxies actually and allowing myself in. When I take that line out vtunnel.com and hidemyass.com pass as normal, but I put that line in and it blocks them. I think it has to do something with most proxies not opening port 80 or something.
  • thkala
    thkala over 13 years
    Actually I believe that your code catches anyone with an open port 80. I don't think it will be very reliable when used widely, since it would catch any home user with a web server. And it will fail to catch SOCKS proxies anyway.
  • jefffan24
    jefffan24 over 13 years
    Yeah that may be so, but I wasn't really catching any with the first few headers (not from the big name proxies). I'm not going to block anybody from the site, this is just to give us ammo against them if we feel they're cheating.
  • thkala
    thkala over 13 years
    Fair enough. In any case, you'd need a bunch of in-game heuristics to detect actual cheating. Take care not to penalize the quite common case of a few friends playing together from the same location.
  • Mark Nottingham
    Mark Nottingham about 13 years
    Proxies are quite common, especially outside the US; e.g., ISPs use them, corporations use them. Mobile providers use them as well.
  • Mark Nottingham
    Mark Nottingham about 13 years
    Also, the second-to-last line ("in_array($_SERVER['REMOTE_PORT'], array(8080,80,6588,8000,3128,553,554))") doesn't really work; the remote port will be a high, random port, not 80/8080/8000/etc (those are the listening ports on the proxy). The last line (@fsockopen) isn't great either; not only is it unfriendly, but it doesn't really prove anything (only that the client happens to be running a Web server) and it's what's introducing your latency.
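
A flag-only version of the check discussed in this thread, added here as an example and not code from the asker, the answerer or any commenter: it records header hints and matches `REMOTE_ADDR` against a list of address blocks, and leaves out the `REMOTE_PORT` test and the `fsockopen` probe for the reasons given in the comments. The names `proxyHints`, `ipv4InCidr`, `ANONYMIZER_BLOCKS` and `PROXY_HEADERS` are hypothetical, `HTTP_FORWARDED` is an assumption beyond the question's header list, the address blocks are RFC 5737 documentation ranges used as placeholders, and only IPv4 is handled.

```php
<?php
declare(strict_types=1);

// Constructed placeholder blocks (RFC 5737 documentation ranges), standing in
// for a maintained list of anonymizer address blocks.
const ANONYMIZER_BLOCKS = ['192.0.2.0/24', '198.51.100.128/25'];

// Headers a cooperating proxy may add. Presence is only a hint: the client
// can forge them and anonymizers strip them.
const PROXY_HEADERS = ['HTTP_VIA', 'HTTP_FORWARDED', 'HTTP_X_FORWARDED_FOR',
    'HTTP_X_FORWARDED', 'HTTP_FORWARDED_FOR', 'HTTP_CLIENT_IP'];

/** True if IPv4 address $ip falls inside $cidr (e.g. "192.0.2.0/24"). */
function ipv4InCidr(string $ip, string $cidr): bool
{
    [$net, $bits] = explode('/', $cidr);
    $ipLong = ip2long($ip);
    $netLong = ip2long($net);
    if ($ipLong === false || $netLong === false) {
        return false; // not IPv4; IPv6 is out of scope for this example
    }
    $bits = (int) $bits;
    $mask = $bits === 0 ? 0 : (~0 << (32 - $bits)) & 0xFFFFFFFF;
    return ($ipLong & $mask) === ($netLong & $mask);
}

/** Returns the reasons to flag a request; an empty list means no hint found. */
function proxyHints(array $server): array
{
    $hints = [];
    foreach (PROXY_HEADERS as $key) {
        if (!empty($server[$key])) {
            $hints[] = "header:$key";
        }
    }
    foreach (ANONYMIZER_BLOCKS as $cidr) {
        if (ipv4InCidr($server['REMOTE_ADDR'] ?? '', $cidr)) {
            $hints[] = "listed-block:$cidr";
        }
    }
    return $hints; // store with the account for review instead of exit()
}

// Constructed sample requests standing in for $_SERVER.
var_dump(proxyHints(['REMOTE_ADDR' => '198.51.100.200', 'REMOTE_PORT' => '51324']));
var_dump(proxyHints(['REMOTE_ADDR' => '203.0.113.9', 'HTTP_VIA' => '1.1 cache.example']));
var_dump(proxyHints(['REMOTE_ADDR' => '203.0.113.9']));
```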