latheesan
02-05-2008, 10:02 AM
I wanted to write a piece of code for detecting proxies so I can prevent people voting using a proxy, for example.
The code looks something like this:
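<?php
// Report a proxy if any proxy-related request header is present, or if the
// client's source port matches a list of common proxy ports.
// !empty() avoids "undefined index" notices when a header is absent.
if (!empty($_SERVER['HTTP_X_FORWARDED_FOR'])
    || !empty($_SERVER['HTTP_X_FORWARDED'])
    || !empty($_SERVER['HTTP_FORWARDED_FOR'])
    || !empty($_SERVER['HTTP_VIA'])
    || !empty($_SERVER['HTTP_CLIENT_IP'])
    || in_array($_SERVER['REMOTE_PORT'], array(8080, 6588, 8000, 3128, 553, 554)))
{
    echo 'Proxy detected';
}
else
{
    echo 'No proxy detected';
}
?>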
When I tried it with one of the popular proxy servers, e.g. www.hidemyass.com, it always says "No proxy detected". Where am I going wrong? What is the best approach to detecting a proxy?
Xeentech
02-05-2008, 07:45 PM
Transparent proxies don't always add these flags/headers, and most don't use their listening socket for the outgoing TCP, so it won't be the same port.
While I check those flags on my e-commerce sites, I mainly rely on the DNS Blacklists. These track most undesirable internet hosts and I silently drop orders from these clients.
I use the Perl Net::Blacklist::Client lib, but I'm sure there is something PHP-ish out there.
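An added example, not code from the thread or from any poster: a PHP sketch of the DNS blacklist lookup described in the post above, combined with the header hints from the question. The zone name `dnsbl.example.org`, the function names and the stub resolver are assumptions made for illustration; the sample addresses are constructed.

```php
<?php
// Added example; DNSBL_ZONE is a placeholder, not a real blacklist zone.
const DNSBL_ZONE = 'dnsbl.example.org';

// Query name = IPv4 octets reversed + zone: 203.0.113.7 -> 7.113.0.203.<zone>
function dnsbl_query_name(string $ip, string $zone): ?string
{
    if (filter_var($ip, FILTER_VALIDATE_IP, FILTER_FLAG_IPV4) === false) {
        return null; // IPv6 or malformed input is not handled in this sketch
    }
    return implode('.', array_reverse(explode('.', $ip))) . '.' . $zone;
}

// A listed address resolves to an A record; an unlisted one does not resolve.
// $resolver is injectable so the logic can be exercised without network access.
function is_listed(string $ip, string $zone, ?callable $resolver = null): bool
{
    $name = dnsbl_query_name($ip, $zone);
    if ($name === null) {
        return false;
    }
    $resolver = $resolver ?? fn(string $host): bool => checkdnsrr($host, 'A');
    return (bool) $resolver($name);
}

// Headers are client-supplied, so they are only a hint. REMOTE_ADDR is the
// TCP peer address and is the value looked up in the blacklist. REMOTE_PORT
// is the peer's source port, not a proxy's listening port, so it is ignored.
function proxy_signals(array $server, string $zone, ?callable $resolver = null): array
{
    $signals = [];
    $headers = ['HTTP_X_FORWARDED_FOR', 'HTTP_X_FORWARDED', 'HTTP_FORWARDED_FOR',
                'HTTP_VIA', 'HTTP_CLIENT_IP'];
    foreach ($headers as $h) {
        if (!empty($server[$h])) {
            $signals[] = "header:$h";
        }
    }
    if (is_listed($server['REMOTE_ADDR'] ?? '', $zone, $resolver)) {
        $signals[] = "dnsbl:$zone";
    }
    return $signals;
}

// Constructed demo: a stub resolver that lists only 203.0.113.7.
$stub = fn(string $host): bool => $host === '7.113.0.203.' . DNSBL_ZONE;
print_r(proxy_signals(['REMOTE_ADDR' => '203.0.113.7'], DNSBL_ZONE, $stub));
print_r(proxy_signals(['REMOTE_ADDR' => '198.51.100.9', 'HTTP_VIA' => '1.1 cache'], DNSBL_ZONE, $stub));
```

Returning the list of signals rather than a yes/no lets the caller decide how to weigh a header hint against a blacklist hit.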
Tim Greer
02-06-2008, 04:42 PM
It's not possible to always accurately detect if someone's using a proxy. If you want to restrict how many times people can submit data, you should force them to register via a specific email address, try enforcing cookies (even though people can refuse or modify or clean them), and continue using the proxy check as well. Really, unless you force people to register and provide some specific "one account per email address/account holder name" and verify that with a credit card, you aren't going to be able to get the checks exact, but with different methods such as the above, you can sure make it more of a hassle, and out of the minority of people that would think of and know how to bother, of those people, very few people would want to bother.