Detecting whether a user is behind a proxy

http php proxy

Solution 1:

TOR does not supply any server headers such as X_FORWARDED_FOR, so your best bet is to use a list of all known exit nodes. A list can be found at https://torstat.xenobite.eu/.

For other proxies, you can look at server headers. Possible server headers of interest include: 

HTTP_VIA 
HTTP_X_FORWARDED_FOR
HTTP_FORWARDED_FOR 
HTTP_X_FORWARDED
HTTP_FORWARDED 
HTTP_CLIENT_IP
HTTP_FORWARDED_FOR_IP 
VIA
X_FORWARDED_FOR 
FORWARDED_FOR
X_FORWARDED FORWARDED
CLIENT_IP
FORWARDED_FOR_IP
HTTP_PROXY_CONNECTION

In PHP, you can get the value of these fields in the $_SERVER[] superglobal.

Solution 2:

If your want to check weather the user is using proxy or not you can go with the port scan and checking the headers when request is made. These method will reveal public IP if the proxy is non-transparent (By the way there are two types of IP address public and private IP address). But this will not work if it is transparent proxy.

function detectProxy() {
  $sockport = false;

     $proxyports=array(80,8080,6588,8000,3128,3127,3124,1080,553,554);
 for ($i = 0; $i <= count($proxyports); $i++) {
 if(@fsockopen($ipaddress,$proxyports[$i],$errstr,$errno,0.5)){
 $sockport=true;
 }
 }

 if(
     isset($_SERVER['HTTP_VIA'])
     || isset($_SERVER['HTTP_X_FORWARDED_FOR'])
     || isset($_SERVER['HTTP_FORWARDED_FOR'])
     || isset($_SERVER['HTTP_X_FORWARDED'])
     || isset($_SERVER['HTTP_FORWARDED'])
     || isset($_SERVER['HTTP_CLIENT_IP'])
     || isset($_SERVER['HTTP_FORWARDED_FOR_IP'])
     || isset($_SERVER['VIA'])
     || isset($_SERVER['X_FORWARDED_FOR'])
     || isset($_SERVER['FORWARDED_FOR'])
     || isset($_SERVER['X_FORWARDED'])
     || isset($_SERVER['FORWARDED'])
     || isset($_SERVER['CLIENT_IP'])
     || isset($_SERVER['FORWARDED_FOR_IP'])
     || isset($_SERVER['HTTP_PROXY_CONNECTION'])
     || $sockport === true
 ) {
     echo 'User is using proxy';
 }
 else{
     echo ''user is not using proxy';
  }
 }

Second method is by using DNS server by allocating sub domain to each user.

You can also check this site proxy checker which will show public and private IP address even when you are using proxy.

Solution 3:

Neither Java Applets or Flash is supposed to leak the client IP. I know that older versions of Flash had a security flaw that made it possible. Most probably that is patched by now.

I've never used TOR but from what I read it seems to be implemented as a kind of VPN and thus the browser will not be aware of it at all.

Why do you need to know if the user is behind a proxy?

Solution 4:

If it's an option you can try using https. The user IP then should be visible to you. However don't know about office users behind SSL proxies.

Related

How to list additional external storage folders (mount points)?
NEHotspotHelper annotations not appearing
Adding scroll bar in subplots within GUI
Delphi 2009: How to communicate between Windows service & desktop application under Vista?
Change iPhone navigation bar's height
Chart.js - Getting data from database using mysql and php
Google Flights/QPX Query Without Destination [closed]
Add embedded image in emails in AWS SES service
How can I get soft deleted entity from typeorm postgreSQL?
PHP Question : The echo message didnt show up [duplicate]
Malformed calls from JS : field sizes are different [[8,39],[4,0]
iOS 14 / UI Testing DatePicker