I'm looking for a method, or a way to detect clients using any type of proxy server viewing my web site. I'm using PHP/Apache... what's the best way to do this? Any proxy server would need to be detected, not specifically one or the other.

Edit

I am more interested in the anonymous proxies... as the normal ones are easily detected by looking for 'HTTP_X_FORWARDED_FOR'.

Another Edit

Try this:

1) go to http://kproxy.com (or any other free anonymous proxy site)

2) visit: http://www.worldofwarcraft.com

3) they are able to block somehow, as the page errors out with "Error loading stylesheet: A network error occurred loading an XSLT stylesheet:http://kproxy.com/new-hp/layout/layout.xsl"

I want to do something similar to prevent proxies.

+2  A: 

You can't detect that unless they pass on special headers which explicitly mention it, like X-Forwarded-For or something.

As far as I know you have to use a blacklist. Users who use putty portforwarding, VPN or other more sophisticated methods are undetectable as they behave exactly like normal users.

Tomh
Yes, is there a trick that could be done? Something not cache-able, or forward-able?
Mike Curry
There is no such trick; you as a server-side developer can't see whether I connect through a VPN (yes, this is a proxy) or through my real internet connection. The tricks you mention only block certain web-based anonymous proxies, but not the good ones using a VPS with putty portforwarding etc.
Tomh
A: 

Everything that the client passes to the server can be self-configured. You cannot trust anything, except for an IP address. So you cannot check the header data, if it's a proxy or a normal client.
By the way: It's the intention of a proxy not to show being a proxy :)

For sure, you could take the requester's IP address and send an HTTP request you would send to a proxy. If it reacts, it may be a proxy; otherwise, it's a normal client. This method would be very expensive and not reliable. If the proxy your server requested was behind a firewall, you would get no answer and think that it is a normal client.

furtelwart
Take a quick look at the example I edited in under "Another Edit". Somehow Blizzard was able to do some trick to fool the proxy server.
Mike Curry
A: 

I think that what's happening here is some client-side JavaScript is trying to load something, and that can "see" that the page is being viewed inside a frame. That might be a more fruitful avenue to explore, as other answers have indicated, proxies intentionally make it hard to determine just from the server alone.

araqnid
A: 

Metasploit uses lots of different techniques to force the client's system to make a direct connection (vulnerabilities/misfeatures in Flash, Java, QuickTime, MS Office, custom DNS server).

Alternatively, if you can't get the client's browser to launch metasploit, you could try to look for open proxies (port scanning) and known Tor exit nodes.

But please don't assume that proxies are evil and need to be blocked – there are plenty of legitimate proxies and some users have to use them.

If you have trouble with spam or other abusive traffic then just blocking proxies won't help much. You should look for specific solutions that address the core of the problem (spam filters, IDS) rather than assuming anonymous = guilty.

porneL
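
The two server-side signals the answers above mention (forwarding headers, and a blacklist of known proxy or Tor exit addresses), combined in one check; this is an added example, not code from the thread. The function names are hypothetical and the blocklist and sample requests are constructed from RFC 5737 documentation ranges.

```php
<?php
// Headers that forwarding proxies commonly add, as $_SERVER keys. Clients can
// forge or omit them, so a hit is a hint and a miss proves nothing.
const PROXY_HEADERS = ['HTTP_X_FORWARDED_FOR', 'HTTP_VIA', 'HTTP_FORWARDED'];

// True if IPv4 address $ip lies inside $cidr ("a.b.c.d/len"). Assumes 64-bit PHP.
function ip_in_cidr(string $ip, string $cidr): bool
{
    [$net, $len] = explode('/', $cidr) + [1 => '32'];
    $ipLong  = ip2long($ip);
    $netLong = ip2long($net);
    $len     = (int) $len;
    if ($ipLong === false || $netLong === false || $len < 0 || $len > 32) {
        return false; // malformed input or IPv6, which this sketch does not handle
    }
    $mask = $len === 0 ? 0 : (~0 << (32 - $len)) & 0xFFFFFFFF;
    return ($ipLong & $mask) === ($netLong & $mask);
}

// Returns the reasons a request looks proxied; an empty list means "no evidence",
// not "direct connection" (VPNs and port forwards leave no trace here).
function proxy_indicators(array $server, array $blocklist): array
{
    $reasons = [];
    foreach (PROXY_HEADERS as $h) {
        if (!empty($server[$h])) {
            $reasons[] = "header:$h";
        }
    }
    // REMOTE_ADDR is the TCP peer address, not a value taken from a request header.
    $peer = $server['REMOTE_ADDR'] ?? '';
    foreach ($blocklist as $cidr) {
        if (ip_in_cidr($peer, $cidr)) {
            $reasons[] = "blocklist:$cidr";
        }
    }
    return $reasons;
}

// Constructed sample data standing in for a real proxy / Tor exit list and $_SERVER.
$blocklist = ['192.0.2.0/24', '198.51.100.7/32'];
$samples = [
    ['REMOTE_ADDR' => '203.0.113.9'],
    ['REMOTE_ADDR' => '203.0.113.9', 'HTTP_X_FORWARDED_FOR' => '10.0.0.5'],
    ['REMOTE_ADDR' => '192.0.2.44'],
];
foreach ($samples as $s) {
    $hits = proxy_indicators($s, $blocklist);
    echo $s['REMOTE_ADDR'], ' => ', $hits ? implode(', ', $hits) : 'no evidence', "\n";
}
```

If the site itself sits behind a reverse proxy or CDN, that layer adds these headers to every request and REMOTE_ADDR is the proxy's address, so the check has to run on the address that layer reports.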