I'm trying to figure out how I could detect whether people logging into my site are behind a proxy or not. I've read that you can detect a person's real IP address through embeddable objects (Flash and Java). However, I haven't been able to actually find any examples or source for this.
I'm using PHP and I've read that looking for $_SERVER['HTTP_X_FORWARDED_FOR'], $_SERVER['HTTP_CLIENT_IP'], etc. would detect most proxies but so far I haven't been able to by testing with TOR (maybe TOR doesn't flag those, but I've read that anonymous proxies still show HTTP_X_FORWARDED). I'd like to try doing it with a Java servlet, if possible. Could anyone point me in the right direction (preferably with examples)? I saw some code on ha.ckers.org but they only showed the client side and not the server side.
TOR does not supply any server headers such as X_FORWARDED_FOR, so your best bet is to use a list of all known exit nodes. A list can be found at https://torstat.xenobite.eu/.
For other proxies, you can look at server headers. Possible server headers of interest include:
HTTP_VIA
HTTP_X_FORWARDED_FOR
HTTP_FORWARDED_FOR
HTTP_X_FORWARDED
HTTP_FORWARDED
HTTP_CLIENT_IP
HTTP_FORWARDED_FOR_IP
VIA
X_FORWARDED_FOR
FORWARDED_FOR
X_FORWARDED
FORWARDED
CLIENT_IP
FORWARDED_FOR_IP
HTTP_PROXY_CONNECTION
In PHP, you can get the value of these fields in the $_SERVER[] superglobal.
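An added example (not part of the answers on this page) of the check described above, in PHP: it collects the proxy-related `$_SERVER` entries and matches `REMOTE_ADDR` against an exit-node list. The function name `proxy_indicators`, the sample requests and the addresses are assumptions constructed for illustration.

```php
<?php
// Added example: header names come from the answer above; the sample
// requests and exit-node addresses below are constructed (documentation ranges).

// PHP exposes request header "X-Forwarded-For" as $_SERVER['HTTP_X_FORWARDED_FOR'].
const PROXY_HEADERS = [
    'HTTP_VIA', 'HTTP_X_FORWARDED_FOR', 'HTTP_FORWARDED_FOR', 'HTTP_X_FORWARDED',
    'HTTP_FORWARDED', 'HTTP_CLIENT_IP', 'HTTP_FORWARDED_FOR_IP',
    'HTTP_PROXY_CONNECTION',
];

/**
 * Returns ['tor' => bool, 'headers' => [name => value]] for one request.
 * $server has the shape of $_SERVER; $exitNodes is a list of IP strings
 * taken from whatever exit-node list the site maintains.
 */
function proxy_indicators(array $server, array $exitNodes): array
{
    $found = [];
    foreach (PROXY_HEADERS as $name) {
        if (isset($server[$name]) && trim($server[$name]) !== '') {
            $found[$name] = $server[$name];   // client-controlled: log, don't trust
        }
    }
    $remote = $server['REMOTE_ADDR'] ?? '';
    // Compare binary forms so differently written IPv6 addresses still match.
    $packed = @inet_pton($remote);
    $isTor = false;
    if ($packed !== false) {
        foreach ($exitNodes as $node) {
            if (@inet_pton(trim($node)) === $packed) { $isTor = true; break; }
        }
    }
    return ['tor' => $isTor, 'headers' => $found];
}

// Constructed sample data.
$exitNodes = ['203.0.113.7', '2001:db8::1'];
$requests = [
    'direct'     => ['REMOTE_ADDR' => '198.51.100.20'],
    'http proxy' => ['REMOTE_ADDR' => '198.51.100.30', 'HTTP_VIA' => '1.1 cache01',
                     'HTTP_X_FORWARDED_FOR' => '192.168.1.5'],
    'tor exit'   => ['REMOTE_ADDR' => '2001:0db8:0000:0000:0000:0000:0000:0001'],
];
foreach ($requests as $label => $server) {
    $r = proxy_indicators($server, $exitNodes);
    printf("%-11s tor=%s headers=%s\n", $label, $r['tor'] ? 'yes' : 'no',
           implode(',', array_keys($r['headers'])) ?: '-');
}
```

These headers are set by the proxy or the client, so a match is a hint for logging or extra checks, and an empty result does not show that the connection is direct.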
By looking for the following header fields you should detect some proxies.
VIA
FORWARDED
USERAGENT_VIA
X_FORWARDED_FOR
PROXY_CONNECTION
XPROXY_CONNECTION
HTTP_PC_REMOTE_ADDR
HTTP_CLIENT_IP
As for blocking TOR, you are best off blocking the TOR exit nodes with iptables.
And if you really must be sure you could try some "semi-malicious" things like embedding some Flash or Java in your page which sends you back the real client IP. But that has only limited scope, as you might just get the local IP: if he is in e.g. a LAN, you get something like 192.168.1.x.
If it's an option you can try using HTTPS. The user IP then should be visible to you. However, I don't know about office users behind SSL proxies.
Neither Java applets nor Flash is supposed to leak the client IP. I know that older versions of Flash had a security flaw that made it possible. Most probably that is patched by now.
I've never used TOR but from what I read it seems to be implemented as a kind of VPN and thus the browser will not be aware of it at all.
Why do you need to know if the user is behind a proxy?