ToonMariner Posted May 24, 2007 Share Posted May 24, 2007 OK need some hardcore help here... I want to detect if a client is connecting through a proxy(inluding transparent) or not. What measures can I take to authenticat the source of the request before I even ask for login details. $_SERVER['REMOTE_ADDRESS'] is the only thing I can think of using but surely it is not sufficient to trust its value. Quote Link to comment Share on other sites More sharing options...
craygo Posted May 24, 2007 Share Posted May 24, 2007 To be honest I think you would have to have a list of online proxy addresses in order to compare to. I assume you are talking about online proxies like hiddenmonkey.net and such. Anyone going through one of these would look like any other person on the internet. Proxy is pretty much just another version of a router but with rules. So anyone connecting through one will look like everyone else. Maybe do a google search for online proxies, run tracert's on them and get the ip addresses and store them, then you will have something to compare it to. Another thing I just thought of is this, when someone uses one of these proxies, their url is actually the name of the proxy service and not your site. Something else you may be able to use. Ray Quote Link to comment Share on other sites More sharing options...
ToonMariner Posted May 25, 2007 Author Share Posted May 25, 2007 Food for thought. I shall investigate further... The reason I asked in the first place is that we have information portal that is used by serval different organisations... Each location has mulitple users from their internal network. What happened was one person plugged their own laptop on the avialable connections and was browsing through a part of the site - it was not a section that required secuirty but we do record traffic based on location and his ipaddress was not recognized as being from that centre; the recording of some of the data is dependant on this and as such incomplete records appear in the custom logs. Just wondered if there was any way we could counter this... Quote Link to comment Share on other sites More sharing options...
taith Posted May 25, 2007 Share Posted May 25, 2007 i know theres a global for HTTP_VIA... that holds proxy info usually... Quote Link to comment Share on other sites More sharing options...
taith Posted May 25, 2007 Share Posted May 25, 2007 also... if you use static ip's... i created this shiney function a while ago :-) <?php function allow_ip_range($ip,$range=array()){ $ip=explode(".",$ip); foreach($range as $k=>$v){ $range1=explode(".",$v[0]); $range2=explode(".",$v[1]); if(($ip[0]>=$range1[0]&&$ip[0]<=$range2[0])&&($ip[1]>=$range1[1]&&$ip[1]<=$range2[1])&&($ip[2]>=$range1[2]&&$ip[2]<=$range2[2])&&($ip[3]>=$range1[3]&&$ip[3]<=$range2[3])) return true; } return false; } ?> Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.