PHP How to Block Proxies from my Site?

Backend  Unresolved  7  1590
迷失自我 2021-01-03 11:39

I'm looking for the absolute best way of blocking proxies coming onto my site. The reason is due to me using unique IP addresses on my project.

What would you reco

Related tags:
7 answers
  • 2021-01-03 12:14

    I've found some code taken from PhpMyAdmin which uses some features of PHP to detect proxies and IPs behind proxies. For me this code worked many times, but not 100%. I paste it here for your tests and considerations.

    It returns FALSE when determining a strong proxy or user IP behind the transparent proxy.

    Check new versions of PhpMyAdmin for updates.

    function get_ip()
    {
    global $REMOTE_ADDR;
    global $HTTP_X_FORWARDED_FOR, $HTTP_X_FORWARDED, $HTTP_FORWARDED_FOR, $HTTP_FORWARDED;
    global $HTTP_VIA, $HTTP_X_COMING_FROM, $HTTP_COMING_FROM;
    global $HTTP_SERVER_VARS, $HTTP_ENV_VARS;
    // Get some server/environment variables values
    if(empty($REMOTE_ADDR))
        {
        if(!empty($_SERVER)&&isset($_SERVER['REMOTE_ADDR']))
            {
            $REMOTE_ADDR = $_SERVER['REMOTE_ADDR'];
            }
        elseif(!empty($_ENV)&&isset($_ENV['REMOTE_ADDR']))
            {
            $REMOTE_ADDR = $_ENV['REMOTE_ADDR'];
            }
        elseif(!empty($HTTP_SERVER_VARS) && isset($HTTP_SERVER_VARS['REMOTE_ADDR']))
            {
            $REMOTE_ADDR = $HTTP_SERVER_VARS['REMOTE_ADDR'];
            }
        elseif(!empty($HTTP_ENV_VARS)&&isset($HTTP_ENV_VARS['REMOTE_ADDR']))
            {
            $REMOTE_ADDR = $HTTP_ENV_VARS['REMOTE_ADDR'];
            }
        elseif(@getenv('REMOTE_ADDR'))
            {
            $REMOTE_ADDR = getenv('REMOTE_ADDR');
            }
        } // end if
    if(empty($HTTP_X_FORWARDED_FOR))
        {
        if(!empty($_SERVER) && isset($_SERVER['HTTP_X_FORWARDED_FOR']))
            {
            $HTTP_X_FORWARDED_FOR = $_SERVER['HTTP_X_FORWARDED_FOR'];
            }
        elseif(!empty($_ENV) && isset($_ENV['HTTP_X_FORWARDED_FOR']))
            {
            $HTTP_X_FORWARDED_FOR = $_ENV['HTTP_X_FORWARDED_FOR'];
            }
        elseif(!empty($HTTP_SERVER_VARS) && isset($HTTP_SERVER_VARS['HTTP_X_FORWARDED_FOR']))
            {
            $HTTP_X_FORWARDED_FOR = $HTTP_SERVER_VARS['HTTP_X_FORWARDED_FOR'];
            }
        elseif(!empty($HTTP_ENV_VARS) && isset($HTTP_ENV_VARS['HTTP_X_FORWARDED_FOR']))
            {
            $HTTP_X_FORWARDED_FOR = $HTTP_ENV_VARS['HTTP_X_FORWARDED_FOR'];
            }
        elseif(@getenv('HTTP_X_FORWARDED_FOR'))
            {
            $HTTP_X_FORWARDED_FOR = getenv('HTTP_X_FORWARDED_FOR');
            }
        } // end if
    if(empty($HTTP_X_FORWARDED))
        {
        if(!empty($_SERVER) && isset($_SERVER['HTTP_X_FORWARDED']))
            {
            $HTTP_X_FORWARDED = $_SERVER['HTTP_X_FORWARDED'];
            }
        elseif(!empty($_ENV) && isset($_ENV['HTTP_X_FORWARDED']))
            {
            $HTTP_X_FORWARDED = $_ENV['HTTP_X_FORWARDED'];
            }
        elseif(!empty($HTTP_SERVER_VARS) && isset($HTTP_SERVER_VARS['HTTP_X_FORWARDED']))
            {
            $HTTP_X_FORWARDED = $HTTP_SERVER_VARS['HTTP_X_FORWARDED'];
            }
        elseif(!empty($HTTP_ENV_VARS) && isset($HTTP_ENV_VARS['HTTP_X_FORWARDED']))
            {
            $HTTP_X_FORWARDED = $HTTP_ENV_VARS['HTTP_X_FORWARDED'];
            }
        elseif(@getenv('HTTP_X_FORWARDED'))
            {
            $HTTP_X_FORWARDED = getenv('HTTP_X_FORWARDED');
            }
        } // end if
    if(empty($HTTP_FORWARDED_FOR))
        {
        if(!empty($_SERVER) && isset($_SERVER['HTTP_FORWARDED_FOR']))
            {
            $HTTP_FORWARDED_FOR = $_SERVER['HTTP_FORWARDED_FOR'];
            }
        elseif(!empty($_ENV) && isset($_ENV['HTTP_FORWARDED_FOR']))
            {
            $HTTP_FORWARDED_FOR = $_ENV['HTTP_FORWARDED_FOR'];
            }
        elseif(!empty($HTTP_SERVER_VARS) && isset($HTTP_SERVER_VARS['HTTP_FORWARDED_FOR']))
            {
            $HTTP_FORWARDED_FOR = $HTTP_SERVER_VARS['HTTP_FORWARDED_FOR'];
            }
        elseif(!empty($HTTP_ENV_VARS) && isset($HTTP_ENV_VARS['HTTP_FORWARDED_FOR']))
            {
            $HTTP_FORWARDED_FOR = $HTTP_ENV_VARS['HTTP_FORWARDED_FOR'];
            }
        elseif(@getenv('HTTP_FORWARDED_FOR'))
            {
            $HTTP_FORWARDED_FOR = getenv('HTTP_FORWARDED_FOR');
            }
        } // end if
    if(empty($HTTP_FORWARDED))
        {
        if(!empty($_SERVER) && isset($_SERVER['HTTP_FORWARDED']))
            {
            $HTTP_FORWARDED = $_SERVER['HTTP_FORWARDED'];
            }
        elseif(!empty($_ENV) && isset($_ENV['HTTP_FORWARDED']))
            {
            $HTTP_FORWARDED = $_ENV['HTTP_FORWARDED'];
            }
        elseif(!empty($HTTP_SERVER_VARS) && isset($HTTP_SERVER_VARS['HTTP_FORWARDED']))
            {
            $HTTP_FORWARDED = $HTTP_SERVER_VARS['HTTP_FORWARDED'];
            }
        elseif(!empty($HTTP_ENV_VARS) && isset($HTTP_ENV_VARS['HTTP_FORWARDED']))
            {
            $HTTP_FORWARDED = $HTTP_ENV_VARS['HTTP_FORWARDED'];
            }
        elseif(@getenv('HTTP_FORWARDED'))
            {
            $HTTP_FORWARDED = getenv('HTTP_FORWARDED');
            }
        } // end if
    if(empty($HTTP_VIA))
        {
        if(!empty($_SERVER) && isset($_SERVER['HTTP_VIA']))
            {
            $HTTP_VIA = $_SERVER['HTTP_VIA'];
            }
        elseif(!empty($_ENV) && isset($_ENV['HTTP_VIA']))
            {
            $HTTP_VIA = $_ENV['HTTP_VIA'];
            }
        elseif(!empty($HTTP_SERVER_VARS) && isset($HTTP_SERVER_VARS['HTTP_VIA']))
            {
            $HTTP_VIA = $HTTP_SERVER_VARS['HTTP_VIA'];
            }
        elseif(!empty($HTTP_ENV_VARS) && isset($HTTP_ENV_VARS['HTTP_VIA']))
            {
            $HTTP_VIA = $HTTP_ENV_VARS['HTTP_VIA'];
            }
        elseif(@getenv('HTTP_VIA'))
            {
            $HTTP_VIA = getenv('HTTP_VIA');
            }
        } // end if
    if(empty($HTTP_X_COMING_FROM))
        {
        if(!empty($_SERVER) && isset($_SERVER['HTTP_X_COMING_FROM']))
            {
            $HTTP_X_COMING_FROM = $_SERVER['HTTP_X_COMING_FROM'];
            }
        elseif(!empty($_ENV) && isset($_ENV['HTTP_X_COMING_FROM']))
            {
            $HTTP_X_COMING_FROM = $_ENV['HTTP_X_COMING_FROM'];
            }
        elseif(!empty($HTTP_SERVER_VARS) && isset($HTTP_SERVER_VARS['HTTP_X_COMING_FROM']))
            {
            $HTTP_X_COMING_FROM = $HTTP_SERVER_VARS['HTTP_X_COMING_FROM'];
            }
        elseif(!empty($HTTP_ENV_VARS) && isset($HTTP_ENV_VARS['HTTP_X_COMING_FROM']))
            {
            $HTTP_X_COMING_FROM = $HTTP_ENV_VARS['HTTP_X_COMING_FROM'];
            }
        elseif(@getenv('HTTP_X_COMING_FROM'))
            {
            $HTTP_X_COMING_FROM = getenv('HTTP_X_COMING_FROM');
            }
        } // end if
    if(empty($HTTP_COMING_FROM))
        {
        if(!empty($_SERVER) && isset($_SERVER['HTTP_COMING_FROM']))
            {
            $HTTP_COMING_FROM = $_SERVER['HTTP_COMING_FROM'];
            }
        elseif(!empty($_ENV) && isset($_ENV['HTTP_COMING_FROM']))
            {
            $HTTP_COMING_FROM = $_ENV['HTTP_COMING_FROM'];
            }
        elseif(!empty($HTTP_SERVER_VARS) && isset($HTTP_SERVER_VARS['HTTP_COMING_FROM']))
            {
            $HTTP_COMING_FROM = $HTTP_SERVER_VARS['HTTP_COMING_FROM'];
            }
        elseif(!empty($HTTP_ENV_VARS) && isset($HTTP_ENV_VARS['HTTP_COMING_FROM']))
            {
            $HTTP_COMING_FROM = $HTTP_ENV_VARS['HTTP_COMING_FROM'];
            }
        elseif(@getenv('HTTP_COMING_FROM'))
            {
            $HTTP_COMING_FROM = getenv('HTTP_COMING_FROM');
            }
        } // end if
    // Gets the default ip sent by the user (FALSE if the server did not provide one)
    $direct_ip = FALSE;
    if(!empty($REMOTE_ADDR))
        {
        $direct_ip = $REMOTE_ADDR;
        }
    // Gets the proxy ip sent by the user
    $proxy_ip='';
    if(!empty($HTTP_X_FORWARDED_FOR))$proxy_ip = $HTTP_X_FORWARDED_FOR;
    elseif(!empty($HTTP_X_FORWARDED))$proxy_ip = $HTTP_X_FORWARDED;
    elseif(!empty($HTTP_FORWARDED_FOR))$proxy_ip = $HTTP_FORWARDED_FOR;
    elseif(!empty($HTTP_FORWARDED))$proxy_ip = $HTTP_FORWARDED;
    elseif(!empty($HTTP_VIA))$proxy_ip = $HTTP_VIA;
    elseif(!empty($HTTP_X_COMING_FROM))$proxy_ip = $HTTP_X_COMING_FROM;
    elseif(!empty($HTTP_COMING_FROM))$proxy_ip = $HTTP_COMING_FROM;
    // Returns the true IP if it has been found, else FALSE
    if (empty($proxy_ip))
        {
        // True IP without proxy
        return $direct_ip;
        }
    else
        {
        // ereg() was removed in PHP 7; preg_match() leaves the full match in $regs[0]
        $is_ip = preg_match('/^([0-9]{1,3}\.){3}[0-9]{1,3}/', $proxy_ip, $regs);
        if($is_ip && (count($regs) > 0))
            {
            // True IP behind a proxy
            return $regs[0];
            }
        else
            {
            // Can't define IP: there is a proxy but we don't have
            // information about the true IP
            return FALSE;
            }
        } // end if... else...
    }
    
  • 2021-01-03 12:19

    It is impossible to completely accurately determine whether the person connecting to your site is proxying that request for someone else.

    The best you can reasonably do in realtime is look for an X-FORWARDED-FOR HTTP header, which some proxies will use to inform you the IP address of the client the proxy is connecting on behalf of.

    $headers = apache_request_headers(); // only available under the Apache SAPIs
    // The header is optional, so guard the lookup instead of reading an undefined index
    $forwarded = isset($headers['X-Forwarded-For']) ? $headers['X-Forwarded-For'] : null;
    

    If you are assuming that each IP address corresponds to a different person, you are making a mistaken assumption. There are many more devices connected to the internet than available IPs. Everyone in a school typically shares an IP. Everyone in a large company typically shares an IP. Every AOL dialup user shares a couple IPs. Every MSN dialup user shares a couple IPs.

  • 2021-01-03 12:20

    The problem with this is, if you have a legitimate IP and include this header, and you make this header trump the IP, you will get incorrect results.

    It may be worthwhile storing both separately.

  • 2021-01-03 12:20

    Add to .htaccess

    RewriteEngine on
    RewriteCond %{HTTP:VIA}                 !^$ [OR]
    RewriteCond %{HTTP:FORWARDED}           !^$ [OR]
    RewriteCond %{HTTP:USERAGENT_VIA}       !^$ [OR]
    RewriteCond %{HTTP:X_FORWARDED_FOR}     !^$ [OR]
    RewriteCond %{HTTP:PROXY_CONNECTION}    !^$ [OR]
    RewriteCond %{HTTP:XPROXY_CONNECTION}   !^$ [OR]
    RewriteCond %{HTTP:HTTP_PC_REMOTE_ADDR} !^$ [OR]
    RewriteCond %{HTTP:HTTP_CLIENT_IP}      !^$
    RewriteRule ^(.*)$ - [F]
    
  • 2021-01-03 12:26

    You should not be relying on unique IP addresses. Many people are behind a firewall at work or school, so one ip does not mean 1 machine or user.

    If you want to identify your users, set a cookie, or use a session.

  • 2021-01-03 12:33

    I'm not aware of a bulletproof way to do this, but this would be pretty much complete:

    if (get_ip_address() !== get_ip_address(true))
    {
        echo 'using proxy';
    }
    

    This get_ip_address() function was adapted from this answer and goes as follows:

    function get_ip_address($proxy = false)
    {
        if ($proxy === true)
        {
            // Headers that proxies commonly use to carry the original client address
            foreach (array('HTTP_CLIENT_IP', 'HTTP_X_FORWARDED_FOR', 'HTTP_X_FORWARDED', 'HTTP_X_CLUSTER_CLIENT_IP', 'HTTP_FORWARDED_FOR', 'HTTP_FORWARDED') as $key)
            {
                if (array_key_exists($key, $_SERVER) === true)
                {
                    // A header may hold a comma-separated chain; take the first public address in it
                    foreach (array_map('trim', explode(',', $_SERVER[$key])) as $ip)
                    {
                        if (filter_var($ip, FILTER_VALIDATE_IP, FILTER_FLAG_IPV4 | FILTER_FLAG_IPV6 | FILTER_FLAG_NO_PRIV_RANGE | FILTER_FLAG_NO_RES_RANGE) !== false)
                        {
                            return $ip;
                        }
                    }
                }
            }
        }
    
        // No usable proxy header: fall back to the address of the TCP peer
        return $_SERVER['REMOTE_ADDR'];
    }
    
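Putting the answers above together (the forwarded-header parsing in the PhpMyAdmin function, the X-Forwarded-For lookup, and the REMOTE_ADDR comparison in the last answer), here is an added example that is not part of any answer: it believes X-Forwarded-For only when the request arrived through one of our own proxies, so a client cannot change the address it is recorded under simply by sending that header. The TRUSTED_PROXIES list and the sample request are constructed assumptions.

```php
<?php
// Added example, not from any answer above. X-Forwarded-For is client-supplied,
// so it is believed only for hops that belong to our own proxies; the TRUSTED_PROXIES
// list and the sample request at the bottom are constructed assumptions.
const TRUSTED_PROXIES = array('10.0.0.5', '10.0.0.6');   // assumed: our load balancers

// Request keys the answers treat as proxy indicators. Presence is only a hint:
// honest proxies add them, anonymous proxies and plain clients do not.
const PROXY_HEADER_KEYS = array('HTTP_VIA', 'HTTP_X_FORWARDED_FOR', 'HTTP_X_FORWARDED',
    'HTTP_FORWARDED', 'HTTP_FORWARDED_FOR', 'HTTP_CLIENT_IP', 'HTTP_PROXY_CONNECTION');

function proxy_headers_present(array $server)
{
    return array_values(array_filter(PROXY_HEADER_KEYS,
        function ($key) use ($server) { return !empty($server[$key]); }));
}

function is_public_ip($ip)
{
    return filter_var($ip, FILTER_VALIDATE_IP,
        FILTER_FLAG_NO_PRIV_RANGE | FILTER_FLAG_NO_RES_RANGE) !== false;
}
// Returns array(client_ip, came_through_our_proxy). Walks the X-Forwarded-For
// chain from the right (the hop nearest us) past our own proxies; the first
// address that is not ours is the client, whatever was prepended before it.
function resolve_client_ip(array $server, array $trusted = TRUSTED_PROXIES)
{
    $peer = isset($server['REMOTE_ADDR']) ? $server['REMOTE_ADDR'] : '';
    // If the TCP peer is not one of our proxies, the header is unauthenticated: ignore it
    if (!in_array($peer, $trusted, true) || empty($server['HTTP_X_FORWARDED_FOR'])) {
        return array($peer, false);
    }
    $chain = array_map('trim', explode(',', $server['HTTP_X_FORWARDED_FOR']));
    $chain[] = $peer;                       // the peer itself is the last hop
    for ($i = count($chain) - 1; $i >= 0; $i--) {
        if (in_array($chain[$i], $trusted, true)) {
            continue;                       // one of ours, keep walking left
        }
        // First hop that is not ours; accept it only if it is a routable address
        return is_public_ip($chain[$i]) ? array($chain[$i], true) : array($peer, false);
    }
    return array($peer, false);             // every hop in the chain was ours
}
// Constructed sample: delivered by load balancer 10.0.0.5, which appended the real
// client (198.51.100.20) after an entry the client itself had sent (192.0.2.9).
$sample = array('REMOTE_ADDR' => '10.0.0.5', 'HTTP_X_FORWARDED_FOR' => '192.0.2.9, 198.51.100.20');
list($ip, $via) = resolve_client_ip($sample);
printf("client=%s via_proxy=%s indicators=%s\n", $ip, $via ? 'yes' : 'no', implode(',', proxy_headers_present($sample)));
```

For the sample request the walk skips the load balancer and stops at 198.51.100.20, so the client-supplied 192.0.2.9 never becomes the recorded address; a request that does not come from a trusted proxy is recorded under REMOTE_ADDR no matter what headers it carries.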