I've Googled a few sites to get a simple script that will detect proxy users accessing your site through any proxy (anonymous or not). I've tried a few variations in my index.php file First, this one turned out blank on visit (direct, not through proxy) Code: <?php require_once(’class.php4.DefensiveAttack.php’); //Create object $def_attack = new DefensiveAttack(’my.sitename.com’); //Set my IP address $def_attack->SetMyIpAddress(’SERVER_IP’); require(’class.XIP.php’); $XIP=new XIP(); $ip =$XIP->IP['client']; // Find the IP received by the server $blacklist=implode(”, file(”blacklist.txt”)); // Load blacklist from the filesystem (a list of IP addresses) if ($XIP->CheckNet($blacklist, $XIP->IP['client'])) die(”Blacklisted Proxy DETECTED<br>”) ; // Check IP for Known open proxies. Uses SPAMCOP services to detect well-known spammers’ IP addresses $handle = @fopen(”http://www.spamcop.net/w3m?action=checkblock&ip=$ip”, “rb”); stream_set_timeout($handle,$timeout); $contents = ”; while (!feof($handle)) { $contents .= @fread($handle, 8192); } fclose($handle); if ( preg_match(”/$ip\s*listed in \w*\.spamcop\.net/”,$contents) ) { die(’IP Listed in Spamcop!’); } if ($XIP->Proxy['detected']) { die(”Proxy DETECTED<br>”) ; } //Looking for proxy. Uses the other class. if ($def_attack->IsUseProxy()) { die(”You are using proxy<br>”); } //Check referer if I do not want direct access to my site. if (false === $def_attack->CheckReferer()) { die (”Access deny. Direct access not allowed<br>”); } ?> This one took ages to load the page direct, not through proxy Code: <?php // start code // if getenv results in something, proxy detected if (getenv('HTTP_X_FORWARDED_FOR')) { $ip=getenv('HTTP_X_FORWARDED_FOR'); } // otherwise no proxy detected else { $ip=getenv('REMOTE_ADDR'); } // print the IP address on screen echo $ip; if ( $_SERVER['HTTP_X_FORWARDED_FOR'] || $_SERVER['HTTP_X_FORWARDED'] || $_SERVER['HTTP_FORWARDED_FOR'] || $_SERVER['HTTP_CLIENT_IP'] || $_SERVER['HTTP_VIA'] || in_array($_SERVER['REMOTE_PORT'], array(8080,80,6588,8000,3128,553,554)) || @fsockopen($_SERVER['REMOTE_ADDR'], 80, $errno, $errstr, 30)) { exit('Proxy detected'); } ?> I also want it to save the info to some local txt log file as well for future reference. Can someone please provide a decent method that won't affect load time, turn out blank, and even save to a log? I'd appreciate the help. Also, to be sure it does *not* block AOL members either. I'm using PHP 5x on Apache 2.2
You could try this: Code: [COLOR=#000000][COLOR=#0000cc]<?php [/COLOR][COLOR=#ff9900]// checking IP [/COLOR][COLOR=#006600]function [/COLOR][COLOR=#0000cc]IP_prawdziwe[/COLOR][COLOR=#006600](){ if ([/COLOR][COLOR=#0000cc]$_SERVER[/COLOR][COLOR=#006600][[/COLOR][COLOR=#cc0000]'HTTP_X_FORWARDED_FOR'[/COLOR][COLOR=#006600]]) { [/COLOR][COLOR=#0000cc]$ip_prawdziwe [/COLOR][COLOR=#006600]= [/COLOR][COLOR=#0000cc]$_SERVER[/COLOR][COLOR=#006600][[/COLOR][COLOR=#cc0000]'HTTP_X_FORWARDED_FOR'[/COLOR][COLOR=#006600]]; } else { [/COLOR][COLOR=#0000cc]$ip_prawdziwe [/COLOR][COLOR=#006600]= [/COLOR][COLOR=#0000cc]$_SERVER[/COLOR][COLOR=#006600][[/COLOR][COLOR=#cc0000]'REMOTE_ADDR'[/COLOR][COLOR=#006600]]; } return [/COLOR][COLOR=#0000cc]$ip_prawdziwe[/COLOR][COLOR=#006600]; } [/COLOR][COLOR=#0000cc]?>[/COLOR][/COLOR] and read the IP: Code: [COLOR=#000000][COLOR=#0000cc]<?php [/COLOR][COLOR=#ff9900] [/COLOR][COLOR=#0000cc]$ip [/COLOR][COLOR=#006600]= [/COLOR][COLOR=#0000cc]IP_prawdziwe[/COLOR][COLOR=#006600](); [/COLOR][COLOR=#006600]echo [/COLOR][COLOR=#0000cc]IP_prawdziwe[/COLOR][COLOR=#006600](); [/COLOR][COLOR=#0000cc]?>[/COLOR][/COLOR] It works but it doesn't always have to depending on the proxy.
If we talking about proxy headers, i know some source where i'm testing my proxy for anonymous level - php proxy headers, see most used proxy headers here... As usual if proxy with level "anonymous" (not elite), header HTTP_X_FORWARDED_FOR contain my IP.