Bureaucrats, developer, Administrators
9,842
edits
OpenProxy: Difference between revisions
i don't really get how you can detect the user correctly if the proxy is configured to not make this information public, only monitoring in and outgoing connections would make this possible imho
No edit summary |
( i don't really get how you can detect the user correctly if the proxy is configured to not make this information public, only monitoring in and outgoing connections would make this possible imho) |
||
| Line 1: | Line 1: | ||
Using web software, a user visiting your website using a proxy will not appear to be any different than a user visiting without one. There is nothing you can code in ASP, PHP, CGI, Javascript, etc. that can tell the difference. | Using web software, a user visiting your website using a proxy will not appear to be any different than a user visiting without one. There is nothing you can code in ASP, PHP, CGI, Javascript, etc. that can tell the difference. | ||
There are many services and programs out there that claim to detect a proxy by looking at the HTTP HEADERS sent by the server. This is about as effective as placing a pop-up asking the user if they are using a proxy server! The headers are: | There are many services and programs out there that claim to detect a proxy by looking at the HTTP HEADERS sent by the server. This is about as effective as placing a pop-up asking the user if they are using a proxy server! The headers are: | ||
HTTP_X_FORWARDED_FOR | *HTTP_X_FORWARDED_FOR | ||
HTTP_VIA | *HTTP_VIA | ||
HTTP_PROXY_CONNECTION and | *HTTP_PROXY_CONNECTION and | ||
REMOTE_ADDR | *REMOTE_ADDR | ||
The values of these headers are not hard coded into any server operating system - they can be changed by the server administrator. In the case of a legitamite proxy system (such as AOL, or your company internet server) these variables might be configured properly. (There are no rules or regulations regarding this!) However, in the case of an anonymous proxy service, these headers will probably not contain anything. Why would you use an anonymous proxy if it broadcast where you orginally came from? | The values of these headers are not hard coded into any server operating system - they can be changed by the server administrator. In the case of a legitamite proxy system (such as AOL, or your company internet server) these variables might be configured properly. (There are no rules or regulations regarding this!) However, in the case of an anonymous proxy service, these headers will probably not contain anything. Why would you use an anonymous proxy if it broadcast where you orginally came from? | ||
Since there is no way your server can determine such use, the only way to detect an anonymous proxy is by trying to actually use it. | Since there is no way your server can determine such use, the only way to detect an anonymous proxy is by trying to actually use it. http://www.countrycheck.com will attempt to connect to the server in the same way a user would. This connection attempt, and a few other tests, are done in real time. CountryCheck maintains a large database of proxy servers and this list is updated on a constant basis. | ||
These lists change daily. Usually an anonymous proxy is created by a virus or trojan, and then plugged as soon as the administrator detects it - mostly due to increased traffic. Because of this, many proxy lists float around on the internet, but they are outdated almost as fast as they are used. | These lists change daily. Usually an anonymous proxy is created by a virus or trojan, and then plugged as soon as the administrator detects it - mostly due to increased traffic. Because of this, many proxy lists float around on the internet, but they are outdated almost as fast as they are used. | ||
So now you know there are only three ways to flag an IP address as an anonymous proxy. | So now you know there are only three ways to flag an IP address as an anonymous proxy. | ||
#Copy the proxy list from somewhere else. | |||
#Use HTTP HEADERS. | |||
#Actually detect them properly. | |||
http://www.countrycheck.com is the ONLY service on the Internet that currently uses the third and best method. Don't be fooled into using an inferior service - remember you get what you pay for. | |||