Reputation:
I want to detect if a person is using a proxy to access my website and, if so, restrict him from accessing the website. I found this piece of code somewhere, but I am not sure if it would work or not. Can someone please explain whether it is enough or whether I need to add anything else to it, and how this piece of code works?
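// Flag the request if any forwarding header is present (non-empty)...
if (
    !empty($_SERVER['HTTP_X_FORWARDED_FOR'])
    || !empty($_SERVER['HTTP_X_FORWARDED'])
    || !empty($_SERVER['HTTP_FORWARDED_FOR'])
    || !empty($_SERVER['HTTP_CLIENT_IP'])
    || !empty($_SERVER['HTTP_VIA'])
    // ...or the client's source port is one of these port numbers...
    || in_array($_SERVER['REMOTE_PORT'], array(8080, 80, 6588, 8000, 3128, 553, 554))
    // ...or the client's address accepts a TCP connection on port 80 (30 s timeout).
    || @fsockopen($_SERVER['REMOTE_ADDR'], 80, $errno, $errstr, 30)
) {
    exit('Proxy detected');
}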
Thanks for the help :)
Upvotes: 0
Views: 553
Reputation: 1457
Your algorithm is flawed in scanning HTTP/S ports 80 and 443, which are very common for all servers. It is true that some VPN providers use those ports to hide their services.
You should adopt a blacklist approach where you query the visitor's IP address against a known list of proxy servers or VPNs. One free database is IP2Proxy LITE, which is a subset of the daily updated list from IP2Proxy. A web service is also available that could ease your daily database update. Free sample code is available on the product pages.
Upvotes: 0
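The blacklist approach suggested in the answer above, sketched as an added example (not code from any poster or from IP2Proxy). The CIDR list is constructed from documentation address ranges, and the names `PROXY_CIDRS`, `ipInCidr` and `isListedProxy` are assumptions; a real deployment would load the ranges from whichever proxy/VPN database it uses.

```php
<?php
declare(strict_types=1);

// Constructed sample blocklist (RFC 5737 / RFC 3849 documentation ranges).
// Assumption: in practice these CIDRs are loaded from your proxy/VPN database.
const PROXY_CIDRS = ['192.0.2.0/24', '198.51.100.128/25', '2001:db8:abcd::/48'];

/** True when $ip lies inside $cidr. Handles IPv4 and IPv6; false on bad input. */
function ipInCidr(string $ip, string $cidr): bool
{
    if (substr_count($cidr, '/') !== 1) {
        return false;
    }
    [$net, $bits] = explode('/', $cidr);
    $ipBin  = @inet_pton($ip);
    $netBin = @inet_pton($net);
    // Reject unparsable input and IPv4-vs-IPv6 family mismatches.
    if ($ipBin === false || $netBin === false || strlen($ipBin) !== strlen($netBin)) {
        return false;
    }
    if (!ctype_digit($bits) || (int)$bits > strlen($ipBin) * 8) {
        return false;
    }
    $bits      = (int)$bits;
    $fullBytes = intdiv($bits, 8);
    $remBits   = $bits % 8;
    // Whole bytes of the prefix must match exactly.
    if (substr($ipBin, 0, $fullBytes) !== substr($netBin, 0, $fullBytes)) {
        return false;
    }
    if ($remBits === 0) {
        return true;
    }
    // Compare only the leading $remBits bits of the next byte.
    $mask = (0xFF << (8 - $remBits)) & 0xFF;
    return (ord($ipBin[$fullBytes]) & $mask) === (ord($netBin[$fullBytes]) & $mask);
}

/** True when $ip falls inside any range of the blocklist. */
function isListedProxy(string $ip, array $cidrs = PROXY_CIDRS): bool
{
    foreach ($cidrs as $cidr) {
        if (ipInCidr($ip, $cidr)) {
            return true;
        }
    }
    return false;
}

// Only REMOTE_ADDR is consulted: forwarding headers are client-supplied.
if (PHP_SAPI !== 'cli' && isListedProxy($_SERVER['REMOTE_ADDR'] ?? '')) {
    http_response_code(403);
    exit('Proxy detected');
}
```

With the constructed list, `isListedProxy('198.51.100.200')` is true and `isListedProxy('198.51.100.5')` is false, because the second address falls outside the /25.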
Reputation: 312
Port scanning is not very accurate and doesn't work very well. A lot of proxies do not run on the standardized ports you're looking at. On top of that, just because someone has something running on port 80 it doesn't mean it's a proxy IP.
Overall, proxy / VPN detection is a complex issue to solve. There's a free API made by GetIPIntel which uses machine learning and probability theory techniques to generate a score of how likely it is that the IP is a proxy / VPN. MaxMind offers one as well, but it's considered a "legacy" service and it's not free.
Upvotes: 1