Detect proxies with a simple PHP test to determine if a user is hiding behind a proxy connection. Quickly evaluate an IP address with PHP to detect proxy connections.
PHP developers and webmasters are bound to come across the pesky task of detecting proxies to prevent fraudsters, spammers, scrapers, bots, and other malicious users that use proxies to cause mayhem. Managing fraud is an ongoing battle but there are easy ways to block proxies and detect high risk users with both PHP and JavaScript languages. Lets explore some methods that we can implement for proxy detection with PHP.
A great technique for detecting proxies with PHP is to test for HTTP proxy headers that are commonly passed by users behind a proxy or VPN connection. The example code below provides a quick test that can be performed with PHP code to detect if the user has an HTTP header value that is commonly associated with a proxy connection. It works best for detecting transparent proxies.
There are a few caveats to implementing this PHP proxy test. It should be noted that performing this test is not a complete solution and will not detect anonymous proxies or elite proxies, as these connections hide proxy headers and other footprints that would indicate the connection was made through a proxy server. Through extensive testing, we have also noticed that the PHP proxy detection test below may cause some false-positives as legitimate traffic from cellular networks, CDNs like Cloudflare and Imperva, and select ISPs may pass these proxy headers with a perfectly valid connection. So test appropriately with your traffic before implementing into a production environment.
Detect Proxies with a PHP Header Test
$test_HTTP_proxy_headers = array(
'HTTP_VIA',
'VIA',
'Proxy-Connection',
'HTTP_X_FORWARDED_FOR',
'HTTP_FORWARDED_FOR',
'HTTP_X_FORWARDED',
'HTTP_FORWARDED',
'HTTP_CLIENT_IP',
'HTTP_FORWARDED_FOR_IP',
'X-PROXY-ID',
'MT-PROXY-ID',
'X-TINYPROXY',
'X_FORWARDED_FOR',
'FORWARDED_FOR',
'X_FORWARDED',
'FORWARDED',
'CLIENT-IP',
'CLIENT_IP',
'PROXY-AGENT',
'HTTP_X_CLUSTER_CLIENT_IP',
'FORWARDED_FOR_IP',
'HTTP_PROXY_CONNECTION');
foreach($test_HTTP_proxy_headers as $header){
if (isset($_SERVER[$header]) && !empty($_SERVER[$header])) {
exit("Please disable your proxy connection!");
}
}The header proxy test is a great foundation for proxy detection but performing a port scan upon the IP address with PHP is another useful trick for detecting proxies. Once again, this method can trigger false positives as proxy detection is not an easy feat. Some users that operate web cameras, game servers, or just like to access their computer remotely may legitimately have open ports on their network. The ports below are all commonly used by proxy servers.
Header testing continues to quite effective in 2021 for blocking common proxy servers with PHP coding, however residential proxies and elite proxies typically will hide all headers to maintain a low footprint.
Detect Proxies with a PHP Port Scan Test
$proxy_ports = array(80,81,8080,443,1080,6588,3128);
foreach($proxy_ports as $test_port) {
if(@fsockopen($_SERVER['REMOTE_ADDR'], $test_port, $errno, $errstr, 5)) {
exit("Please disable your proxy connection!");
}
}
The code above performs a test on each port in the array to see if the IP address is reachable from your server. You can add or remove ports that will be scanned to increase your chances of blocking proxies. If the port is reachable, there is a strong probability that the IP address is a proxy connection and is allowing external traffic to tunnel through the open port. If you are using a firewall on your server such as ConfigServer Firewall, it is important to note that you must open the ports above in your approved outgoing port connections for the test to successfully connect on each port. Its strongly unlikely that regular internet users would have these ports open on their network, however technologically advanced users are more likely to have open ports due to running software and programs that require it.
Filter Blacklsited IP Addresses With PHP
Maintaining IP address blacklists is simple but effective and even used by major sites such as Facebook, Twitter, and Google. The following code is a quick example of how to build an IP address blacklist into a PHP array and then check new hits against that same list. If the IP address matches, then the exit message will be displayed. New IP addresses can be added to this list as you detect abuse.
$ip_blacklist = array('192.168.1.1', '1.1.1.1', '5.5.5.5');
if(isset($_SERVER['REMOTE_ADDR']) && is_array($ip_blacklist)) {
if(in_array($_SERVER['REMOTE_ADDR'], $ip_blacklist)) {
exit("Please disable your proxy connection!");
}
}
The header test, port scan, and blacklisting methods discussed above serve as a great foundation to block proxies with PHP, however complete proxy detection is a tricky accomplishment and ultimately the best solution is a proxy detection API service.
The benefits of using a third party API service include not having to constantly manage your proxy detection algorithms to keep up with the latest fraud trends, avoiding false positive connections so legitimate traffic is not penalized, comprehensive proxy blocking which includes more unique tests than can be performed with publicly known methods like those included above, and less headaches from spammers and fraudsters that can seriously impact profits and ROI. Increase accuracy for looking up IP reputation for any type of IP address. Leverage the data of a well tested system that can avoid false-positives and accurately detect the newest and stealthiest proxies.
Implementing the proxy and VPN detection API is quite easy and can be installed in just a few minutes. The PHP code below will quickly integrate this service into your site.
PHP Proxy Detection API Integration Example
$key = 'YOURAPIKEY';
$ip = isset($_SERVER['REMOTE_ADDR']) ? $_SERVER['REMOTE_ADDR'] : $_SERVER['HTTP_CLIENT_IP'];
$strictness = 1;
$result = json_decode(file_get_contents(sprintf('https://ipqualityscore.com/api/json/ip/%s/%s?strictness=%s',
$key, $ip, $strictness)), true);
if($result !== null){
if(isset($result['proxy']) && $result['proxy'] == true){
// Perform your business logic here
// exit("Please disable your proxy connection!");
}
}IPQualityScore's Proxy Detection Service Accurately Blocks Proxies in Real-time
Test IPQS proxy detection API service with 5,000 free monthly queries and see if the service is a good fit for your websites, apps, or business! Create a free account to generate an API key and instantly join the fight against fraud. It only takes a few minutes to integrate the service and immediately block proxy & VPN traffic. Once the system is integrated, all high risk connections including those from proxies, VPNs, Tor, and bots will be detected in real-time. Abusive users and fraudulent behavior will immediately drop as fraudsters are proactively blocked.
This article was last updated in December 2022 to include the newest methods for detecting proxies with PHP in 2022, including newer checks for detecting VPNs. The solutions in this article can also be applied using JavaScript including the API service above.
