Determine if Referring Url is behind a proxy.

Question

If you go to whatismyipaddress.com using a public proxy, it will report your proxy ip, but it will also (usually) report that you're using a proxy, and your originating IP as well in many cases.

How does it do this?

Similar sites like Gmail and Craigslist can tell if the computers connecting to them are proxy servers as well.

I have a site with data that is free to browse 200x/day/ip, but I'd like to protect it from harvesting by people using proxies.

Any tips or insights into how this is accomplished are appreciated.

Answer 1

Please check this SO thread. It explains how to do it. It is tagged for PHP but I think the idea remains same here.

EDIT :I am duplicating the accepted answer here for reference :

TOR does not supply any server headers such as X_FORWARDED_FOR, so your best bet is to use a list of all known exit nodes. A list can be found at https://torstat.xenobite.eu/.

For other proxies, you can look at server headers. Possible server headers of interest include:

• HTTP_VIA
• HTTP_X_FORWARDED_FOR
• HTTP_FORWARDED_FOR
• HTTP_X_FORWARDED
• HTTP_FORWARDED
• HTTP_CLIENT_IP
• HTTP_FORWARDED_FOR_IP
• VIA
• X_FORWARDED_FOR
• FORWARDED_FOR
• X_FORWARDED
• FORWARDED
• CLIENT_IP
• FORWARDED_FOR_IP
• HTTP_PROXY_CONNECTION

In PHP, you can get the value of these fields in the $_SERVER[] superglobal.