Hi,
As much as 50% of today's www traffic is via proxies.
All business users coming from firewall protected networks use a proxy.
All AOL users use a proxy.
Therefore, it is inadvisable to block ALL proxies.
A better way to block proxy servers:
Rather than attempt to block proxy servers by who they are (i.e., via their specified domain identity), it is far more expedient and effective to block proxy servers by what they do. By simply blacklisting the various HTTP protocols employed by proxy servers, it is possible to block virtually all proxy connections. Here is the code that I use for stopping 99% of the proxies that attempt to access certain sites:
Code:
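# block proxy servers from site access
# %{HTTP:name} looks up the request header by the name sent on the wire,
# so names are written with hyphens (X-Forwarded-For, not X_FORWARDED_FOR)
# and without the CGI-style HTTP_ prefix
RewriteEngine on
RewriteCond %{HTTP:Via} !^$ [OR]
RewriteCond %{HTTP:Forwarded} !^$ [OR]
RewriteCond %{HTTP:Useragent-Via} !^$ [OR]
RewriteCond %{HTTP:X-Forwarded-For} !^$ [OR]
RewriteCond %{HTTP:Proxy-Connection} !^$ [OR]
RewriteCond %{HTTP:Xproxy-Connection} !^$ [OR]
RewriteCond %{HTTP:PC-Remote-Addr} !^$ [OR]
RewriteCond %{HTTP:Client-IP} !^$
# any of the headers above present and non-empty: answer 403 Forbidden
RewriteRule ^(.*)$ - [F]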
To use this code, copy & paste into your site’s root .htaccess file. Upload to your server, and test its effectiveness via the proxy service(s) of your choice. It may not be perfect, but compared to blacklisting a million proxy domains, it’s lightweight, concise, and very effective.
You can block proxies by their IP address, or range of addresses. The actual setup depends on the HTTP server you use.
If you have control over the web server, then you can block a set of IP addresses.
If your web site is on Apache, the following may work:
Create a file called .htaccess
Place the following inside (replace the IP numbers with the proxies' IPs):
Order Deny,Allow
Deny from 275.8.6.7
Deny from 285.9.0.0/255.255.0.0
The HTTP protocol defines a mechanism where proxies can identify themselves: http://www.ietf.org/rfc/rfc2616.txt section 14.45.
However, although this is a mandatory feature, it can be turned off in many proxy products.
Check for a "Via" HTTP header. If you have one in the client request - reject it.
Let us know if you need any further information.
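
The header check described in this post, applied to raw requests, as an added example that is not part of the original post. The header names are assumed to be the hyphenated wire forms of the names in the rewrite conditions, and the sample requests are constructed. The last sample is what a proxy with "Via" turned off looks like to the server.

```python
# Added example: mirrors the "present and non-empty" test of the rewrite conditions.
# Assumption: hyphenated wire forms of the header names listed in the post.
PROXY_HEADERS = (
    "Via", "Forwarded", "Useragent-Via", "X-Forwarded-For",
    "Proxy-Connection", "Xproxy-Connection", "PC-Remote-Addr", "Client-IP",
)

def parse_headers(raw_request):
    """Parse the header block of a raw HTTP/1.x request into a dict keyed by
    lower-cased header name; repeated headers are joined with ', '."""
    head = raw_request.replace("\r\n", "\n").split("\n\n", 1)[0]
    headers = {}
    for line in head.split("\n")[1:]:      # skip the request line
        if ":" not in line:
            continue                       # ignore malformed lines
        name, value = line.split(":", 1)
        name, value = name.strip().lower(), value.strip()
        headers[name] = f"{headers[name]}, {value}" if name in headers else value
    return headers

def proxy_indicators(raw_request):
    """Return the listed headers that are present with a non-empty value,
    which is what the `!^$` pattern tests for."""
    headers = parse_headers(raw_request)
    return [h for h in PROXY_HEADERS if headers.get(h.lower(), "") != ""]

def decision(raw_request):
    """403 when any indicator is present (the [F] flag), otherwise 200."""
    return 403 if proxy_indicators(raw_request) else 200

# Constructed sample requests.
DIRECT = "GET / HTTP/1.1\r\nHost: example.test\r\nUser-Agent: demo\r\n\r\n"
VIA_PROXY = ("GET / HTTP/1.1\r\nHost: example.test\r\n"
             "via: 1.1 cache.example.test\r\n"       # header names are case-insensitive
             "X-Forwarded-For: 192.0.2.10\r\n\r\n")
EMPTY_VALUE = "GET / HTTP/1.1\r\nHost: example.test\r\nVia:\r\n\r\n"
# A proxy configured not to identify itself sends nothing to match on.
VIA_DISABLED = "GET / HTTP/1.1\r\nHost: example.test\r\nUser-Agent: demo\r\n\r\n"

if __name__ == "__main__":
    for label, req in [("direct", DIRECT), ("via proxy", VIA_PROXY),
                       ("empty Via", EMPTY_VALUE), ("Via disabled", VIA_DISABLED)]:
        print(f"{label:13} -> {decision(req)} {proxy_indicators(req)}")
```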