determine if user is using proxy

2019-01-13 19:14发布

问题:

Hi I'm creating a game and I would like to be able to tell if a user is using a proxy. If they are than it basically puts a flag on their account. I can make it do the flag and all but I'm not exactly sure how to tell if a user is using a proxy. I've seen you can use headers but I'm not exactly sure which to look for and how you would check if a user "has" a header (besides the normal http_referrer and what not).

Any help is greatly appreciated.

Edit

if ( $_SERVER['HTTP_X_FORWARDED_FOR']
|| $_SERVER['HTTP_X_FORWARDED']
|| $_SERVER['HTTP_FORWARDED_FOR']
|| $_SERVER['HTTP_CLIENT_IP']
|| $_SERVER['HTTP_VIA']
|| in_array($_SERVER['REMOTE_PORT'], array(8080,80,6588,8000,3128,553,554))
|| @fsockopen($_SERVER['REMOTE_ADDR'], 80, $errno, $errstr, 30))
{
     exit('Proxy detected');
}

So this code mostly works, when the user is a proxy it quickly exits. But when they aren't it takes forever to load (about 10 seconds). Is there anyway to use this script but make it work faster?

EDIT 2

Changed the timeout on fsockopen from 30 to 1 and it works much quicker and is still working. Thanks for the suggestions everyone :)

回答1:

After searching Google for php detect http proxies I came up with the following:

http://forums.digitalpoint.com/showthread.php?t=58964

http://forums.digitalpoint.com/showthread.php?t=365467

http://www.roscripts.com/PHP_Proxy_Detector-75.html

...and quite a number of other interesting hits.

EDIT:

AFAIK there is no way to detect HTTP proxies either with absolute certainty, or safely:

  • Anonymizer services do not add the proper headers to their requests - as a matter of fact they remove some of them. You need to keep a list of the most popular anonymizer services and their IP address blocks and detect them that way. There are some lists on-line that you might be able to use, but they are far from complete - especially if you consider that most large institutions (ISPs, companies, universities etc) provide a proxy server for their users. Some even require their users to use them.

  • Many HTTP proxies are configured so that they simply forward requests without altering the headers.

  • VPN installations have the same effect as an HTTP proxy - namely allowing HTTP requests to originate from a different IP than that of the computer where the web broswer is - without being one.

  • Any SSH server can be used as a SOCKS proxy by its users, which is not really detectable since it is not really an HTTP proxy.

  • There are many legitimate HTTP proxies that are not publically accessible. For example there are HTTP proxy products that are installed in a home network and provide parental control and questionable content (pornography, phishing sites etc) filtering for the whole network.

What kind of abuse are you seeing, where detecting HTTP proxies could be useful?