Easily detect most kinds of proxies and even determine a user's real IP address.
Most proxy servers that are free to the public also send along certain things in their HTTP headers. They send (typically) 3 extra things that can be used to
detect them.
They are:
HTTP_X_FORWARDED_FOR
HTTP_PROXY_CONNECTION
HTTP_VIA
These can be obtained from PHP's $_SERVER global array.
The basic way the script below works, is it checks to see if any of these are set. If they are, then you're definately using a proxy. It also checks to see
if the word "proxy" is contained in the remote host name. This occurs frequently and is obviously a dead give away.
Most proxies are intended to be used to speed up a slow connection you might have and avoid spyware and cookies.
This script can't detect EVERY proxy, because not every proxy is detectable. High anonymity proxies (sometime's called "elite" proxies...because they make
you feel special) are proxies that are designed to keep their users hidden at all times. Reliable ones aren't easy to come by and are usually private.
If you want to use the function below, could use something like the following:
<?php
$a=array();
print "<pre>";
detectProxy($a) ? print_r($a) : print "Not using a proxy.<br>";
print "</pre>";
?>
The function detectProxy($a) takes one arguement. It takes the REFERENCE to an array. That means you have to pass it an array that already exists
somewhere. This method returns a BOOLEAN true on success, FALSE on failure. duh.
If the code is confusing to you, that's because I'm using a special kind of boolean expressions (to save space) that I might cover in another tutorial.
<?php
function detectProxy(&$ar)
{//begin of function
$gotcha=false;
if(array_key_exists('HTTP_X_FORWARDED_FOR',$_SERVER)
||
array_key_exists('HTTP_PROXY_CONNECTION',$_SERVER)
||
array_key_exists('HTTP_VIA',$_SERVER))
{$gotcha=TRUE;}
$gotcha = (stristr($_SERVER['REMOTE_HOST'],"proxy") !== FALSE ) ? TRUE : $gotcha ;
if($gotcha)
{
$ar['PORT']= (array_key_exists('REMOTE_PORT',$_SERVER) ? $_SERVER['REMOTE_PORT'] : "unknown");
$ar['HOST']= (array_key_exists('REMOTE_HOST',$_SERVER) ? $_SERVER['REMOTE_HOST'] : "unknown");
$ar['IP']= (array_key_exists('REMOTE_ADDR',$_SERVER) ? $_SERVER['REMOTE_ADDR'] : "unknown");
$ar['FORWARDED_FOR']=(array_key_exists('HTTP_X_FORWARDED_FOR',$_SERVER) ? $_SERVER['HTTP_X_FORWARDED_FOR'] : "unknown");
$ar['INFO']= (array_key_exists('HTTP_VIA',$_SERVER) ? $_SERVER['HTTP_VIA'] : "unknown");
}
else
{
$ar['PORT']= (array_key_exists('REMOTE_PORT',$_SERVER) ? $_SERVER['REMOTE_PORT'] : "unknown");
$ar['HOST']= (array_key_exists('REMOTE_HOST',$_SERVER) ? $_SERVER['REMOTE_HOST'] : "unknown");
$ar['IP' ]= (array_key_exists('REMOTE_ADDR',$_SERVER) ? $_SERVER['REMOTE_ADDR'] : "unknown");
}
return $gotcha;
}//end of function
?>
I dunno what function this could really serve except as to freak people out or something but I thought it was pretty cool and that I'd share it with
everyone.
discuss this topic to forum
