0

Please let me know how to detect whether a user is behind a free web proxy?

Mark Attwood
  • 4,206
  • 5
  • 27
  • 24
  • 2
    possible duplicate of [Detecting whether a user is behind a proxy](http://stackoverflow.com/questions/1000924/detecting-whether-a-user-is-behind-a-proxy) – msw Jul 03 '10 at 03:54
  • 2
    free webproxy is a different concept – Mark Attwood Jul 03 '10 at 03:59
  • I'm behind a proxy in my home (PFSense). If a website were to block me because of that I'd be pissed. Free web proxy's are built on the same premise as my proxy at home. If they're blocked, just pop up a new one on a new Domain/IP. No way to block it. – Chase Florell Jul 03 '10 at 04:30

4 Answers4

1

You basically need a database of all known web proxies. If you want this because you want to disallow access for users behind a proxy, I would say it's a waste of time. New proxies come up all the time and it's difficult to maintain a database that is up-to-date.

casablanca
  • 69,683
  • 7
  • 133
  • 150
0

Unless you have an exhaustive list of every free web proxy you cannot (and more are being added every day)

Can you tell us more of what you are trying to do? Maybe we can find another way to help you.

Mawg says reinstate Monica
  • 38,334
  • 103
  • 306
  • 551
  • I do know that facebook does not allow user behind a proxy. I just wanted to know how they did it. Plus, I only want legitimate users, not faked users. – Mark Attwood Jul 03 '10 at 03:58
  • 1
    Facebook doesn't allow many common proxies, but there are many that can still get through. It's not an exact science. – Amber Jul 03 '10 at 04:08
  • 2
    @mark - most corporates will be using a proxy, yet the staff will still be able to reach FB. You might find that it is the *proxy* preventing the access to FB, rather than FB detecting that you are coming though a proxy. – slugster Jul 03 '10 at 04:16
  • +1 to slugsters comment - Most companies that i have worked with implemented security at their web proxy servers to disallow traffic from social networking sites - sometimes between X AM - Y PM only - I am not aware of facebook practively doing anything (but this was in their pre - privacy hullabaloo days) – Jagmag Jul 03 '10 at 04:55
0

I don't know much about proxy servers, but I was under the impression that you could check the X-FORWARDED-FOR field in the HTTP header.

mrduclaw
  • 3,965
  • 4
  • 36
  • 37
  • Sorry, I assumed he wants to know if people are coming to his site via a proxy server. So, you check if that field exists since I believe it is added by proxy-servers like Squid. – mrduclaw Jul 05 '10 at 23:20
-3
if( ($_SERVER['HTTP_ACCEPT_ENCODING'] == "") or !isset($_SERVER['HTTP_ACCEPT_ENCODING']) )
{
    // using a proxy
    echo( "<font color=red><b>Using a Proxy</b></font><br>" );
}
else
{
    // not using a proxy
    echo( "<font color=green><b>Not using a Proxy</b></font><br>" );
}

I looked trough the $_SERVER array with and without using a proxy, and I found out that when behind a proxy, $_SERVER['HTTP_ACCEPT_ENCODING'] isn't used, and when not behind a proxy, it is used. I haven't found any proxies that use it yet, and I also haven't found any case of where $_SERVER['HTTP_ACCEPT_ENCODING'] isn't used when not using a proxy.

Just test it yourself, you'll see it works.

takrl
  • 6,356
  • 3
  • 60
  • 69
zwarmapapa
  • 1
  • 1
  • not all proxies will behave that way. Accept encoding header is in fact a common http request header and has little to do with proxies. – badunk Apr 09 '12 at 23:39