Blocking proxies tutorial

Since a lot of people proxy Ddos, it’s useful to protect your site against it. You have three options if you have total control over the server...

  • Detect proxies and block them on firewall/mod_security level
  • Detect them via PHP and block them via .htaccess
  • Detect and block them via .htaccess

Since most people use shared hosting, using a simple PHP snippet can work well unless you feel like manually banning 600 seperate IPs from your website. So, just put this litle code at the top of all your main PHP files, and it will consume little to no resources.

Break down:
HTTP_X_FORWARDED_FOR: When a proxy connects to a site, it sends Forwaded-For: YourIPHere, unless it’s an elite proxy. People that don’t use proxies have no http_x_forwaded_for so that’s a dead easy way to spot them.

HTTP_USER_AGENT: This checks and make sure the user DOES send a user agent. Most Ddosing programs don’t have a User-Agent attribute where as all internet browsers do =) Another easy spot on.

HTTP_VIA: HTTP_VIA sends what kind of proxy server it’s using, ie squid/squidX.

Info:
Most Ddoding programs hit http://site.com, not http://site.com/page.php. When the program connects to site.com/, the index file is loaded. index.php in most forums.

So, if you put that code in index.php, the first line of it, then you’ll barely feel any effects of proxy Ddosing.

You can modify that script to add on to the .htaccess to deny the attacking IP... ie:
PHP

Open the file for appendage, write "deny from xxx.xxx.xxx.xxx", add a new line, close/save file.

There is a a better way to block proxy servers, using .htaccess
Rather than attempt to block proxy servers by who they are (i.e., via their specified domain identity), it is far more expedient and effective to block proxy servers by what they do. By simply blacklisting the various HTTP protocols employed by proxy servers, it is possible to block virtually all proxy connections. Here is the code that I use for stopping 99% of the proxies that attempt to access certain sites:

.htaccess code below:.

Security
Share this Story:
  • facebook
  • twitter
  • gplus

About Adam Davies

General nerd that started playing with web development in 2001.
Before reporting exploits in websites I broke software protection.

Leave a comment

* Checkbox GDPR is required

*

I agree

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Comment