Proxy detection

2019-08-27 09:35发布

Proxies manipulate headers ,so I decided to check page address with js and php and if they are equal => no proxy. But I think that my implementation isn't correct.

    <script src="http://code.jquery.com/jquery-1.5.1.min.js"></script>
<div id="JS" style="display:none">
<script>



</script>
</div>
<div id="noJS">Enable JS</div>
<script>
$(document).ready(function() {
$("#noJS").hide();
$("#JS").show().addClass("hasJS");  
if($("#JS").hasClass("hasJS")) {

    if($("#addrphp").text() == location.href) {
        alert("no proxy");
    }
    else {
        alert("proxy")

    }

}   
});
</script>
<?php
$url="http://".$_SERVER['HTTP_HOST'].$_SERVER['REQUEST_URI'];
?>
<div id="addrphp" style="display:none;"><?php echo $url; ?></div>

What do you think?Is that going to stop most proxies?Is my implementation correct(is that the best way of doing what I want)?

标签: php jquery proxy
2条回答
虎瘦雄心在
2楼-- · 2019-08-27 10:04

I agree with Marc B, the most reliable way is to check your HTTP request looking for known proxy headers. There are a lot of online tools that easily show your headers, for example, this proxy headers checker shows you the most used HTTP headers by proxy servers and if you see your IP in some of them, you can surely know that you are behind a proxy.

Going further to your question, in that link are the HTTP headers names, so you can copy them and use it in your script.

But explaining further what Marc says, if you don't see any of that headers it doesn't guarantee that somebody is not using a proxy. There are a lot of proxies, transparent and high anonymous ones that doesn't send any special header in the HTTP requests.

查看更多
劳资没心,怎么记你
3楼-- · 2019-08-27 10:16

A proxy doesn't change the address of the page your browser's requesting, unless you're using something like Google cache. The proxy simply accepts your request, fetches the contents of whatever address is in the request for you, and forwards the reply to your machine. At no point should it change the address, as that'd mean what you've requested is not what you're getting.

If the local IP was available in Javascript, you could trivially check that the address the request comes from matches the address detected in Javascript, but Javascript cannot deal with that low-level a networking concept. A signed Java applet could, and maybe a Flash/Silverlight applet as well, though I'm just guessing on those.

But checking IP addresses will fail as well with something as trivial as a home broadband router. The "local" IP could very well be something like 10.0.0.13, but your site will detect the request as coming from whatever the router's external address is. There's no "proxy" involved, simply a NAT gateway, but request IP != client IP and woah, you're proxied, dude!

The most reliable (and still not particularly reliable at all) method is to check for the various proxy headers, such as X-Forwarded-For.

查看更多
登录 后发表回答