Thread: Block proxy users (cheater)
View Single Post
  #2 (permalink)  
Old 30-06-2009, 06:11
Rock's Avatar
Rock Rock is offline
Technical Support (eUKhost.com)
  
Join Date: Oct 2006
Location: localhost
Posts: 3,356
Send a message via MSN to Rock Send a message via Skype™ to Rock
Smile
Hi,

As much as 50% of today's www traffic is via proxies.
All business users coming from firewall protected networks use a proxy.
All AOL users use a proxy.
Therefore, it is inadvisable to block ALL proxies.

A better way to block proxy servers:

Rather than attempt to block proxy servers by who they are (i.e., via their specified domain identity), it is far more expedient and effective to block proxy servers by what they do. By simply blacklisting the various HTTP protocols employed by proxy servers, it is possible to block virtually all proxy connections. Here is the code that I use for stopping 99% of the proxies that attempt to access certain sites:

Code:
# block proxy servers from site access

RewriteEngine on
RewriteCond %{HTTP:VIA}                 !^$ [OR]
RewriteCond %{HTTP:FORWARDED}           !^$ [OR]
RewriteCond %{HTTP:USERAGENT_VIA}       !^$ [OR]
RewriteCond %{HTTP:X_FORWARDED_FOR}     !^$ [OR]
RewriteCond %{HTTP:PROXY_CONNECTION}    !^$ [OR]
RewriteCond %{HTTP:XPROXY_CONNECTION}   !^$ [OR]
RewriteCond %{HTTP:HTTP_PC_REMOTE_ADDR} !^$ [OR]
RewriteCond %{HTTP:HTTP_CLIENT_IP}      !^$
RewriteRule ^(.*)$ - [F]
To use this code, copy & paste into your site’s root .htaccess file. Upload to your server, and test it’s effectiveness via the proxy service(s) of your choice. It may not be perfect, but compared to blacklisting a million proxy domains, it’s lightweight, concise, and very effective


You can block proxies by their IP address, or range of addresses. The actual setup depends on the HTTP server you use.

If you have control over the web server, then you can block a set of IP addresses.
If your web site is on Apache, the following may work:
Create a file called .htaccess
Place the following inside (replace the IP numbers with the proxies IP)

Order Deny,Allow
Deny from 275.8.6.7
Deny from 285.9.0.0/255.255.0.0

The HTTP protocol defines a mechanism where proxies can identify themselves http://www.ietf.org/rfc/rfc2616.txt section 14.45

However, although this is a mandatory feature, it can be turned off in many proxy products.

Check for a "Via" HTTP header. If you have one in the client request - reject it.

Let us know if you need any further information..
__________________

Rock _a.k.a._ Jack
Windows Hosting || Windows Reseller Hosting
Cloud Hosting 100% UPTIME! || Powerful Dedicated Servers
Follow eUKhost on Twitter || Join eUKhost Community on Facebook

For complaints, grievances or suggestions kindly email our FeedBack Dept.
Proper action will be taken accordingly & instantaneously!
Reply With Quote