Results 1 to 3 of 3

Thread: Detecting Proxy

  1. #1
    Join Date
    Jan 2005
    Location
    UK, London
    Posts
    762

    Detecting Proxy

    I wanted to write a piece of code for detecting proxy so i can prevent people voting using proxy for example.

    The code looks something like this :

    PHP Code:
    <?php

    if ($_SERVER['HTTP_X_FORWARDED_FOR']
        || 
    $_SERVER['HTTP_X_FORWARDED']
        || 
    $_SERVER['HTTP_FORWARDED_FOR']
        || 
    $_SERVER['HTTP_VIA']
        || 
    $_SERVER['HTTP_CLIENT_IP']
        || 
    in_array($_SERVER['REMOTE_PORT'], array(8080,6588,8000,3128,553,554)))
    {
        echo 
    'Proxy detected';
    }
    else
    {
        echo 
    'No proxy detected';
    }

    ?>
    When i tried it with one of the popular proxy server, e.g. www.hidemyass.com it always says "No proxy detected". Where im i going wrong? What is the best approach in detecting proxy?

  2. #2
    Join Date
    Aug 2005
    Location
    UK
    Posts
    654
    Quote Originally Posted by latheesan View Post
    I wanted to write a piece of code for detecting proxy so i can prevent people voting using proxy for example.

    The code looks something like this :

    PHP Code:
    <?php

    if ($_SERVER['HTTP_X_FORWARDED_FOR']
        || 
    $_SERVER['HTTP_X_FORWARDED']
        || 
    $_SERVER['HTTP_FORWARDED_FOR']
        || 
    $_SERVER['HTTP_VIA']
        || 
    $_SERVER['HTTP_CLIENT_IP']
        || 
    in_array($_SERVER['REMOTE_PORT'], array(8080,6588,8000,3128,553,554)))
    {
        echo 
    'Proxy detected';
    }
    else
    {
        echo 
    'No proxy detected';
    }

    ?>
    When i tried it with one of the popular proxy server, e.g. www.hidemyass.com it always says "No proxy detected". Where im i going wrong? What is the best approach in detecting proxy?
    Transparent proxies don't always add these flags/headers, and most don't use their listening socket for the outgoing TCP, so it won't be the same port.

    While I check those flags on my e-commerce sites, I mainly rely on the DNS Blacklists. These track most undesirable internet hosts and I silently drop orders from these clients.

    I use the Perl Net::Blacklist::Client lib, but I'm sue there is something PHP-ish out there.

  3. #3
    Join Date
    Apr 2000
    Location
    California
    Posts
    3,051
    It's not possible to always accurately detect if someone's using a proxy. If you want to restrict how many times people can submit data, you should force them to register via a specific email address, try enforcing cookies (even though people can refuse or modify or clean them), and continue using the proxy check as well. Really, unless you force people to register and provide some specific "one account per email address/account holder name" and verify that with a credit card, you aren't going to be able to get the checks exact, but with different methods such as the above, you can sure make it more of a hassle and out of the minority of people that would think of and know how to bother, of those people, very few people would want to bother.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •