Programers: how do I distinguish a trasparent proxy hit from a...
 

anonymous proxy hit ?

If you use the function I gave you yesterday it would always bypass transparent ones. Transparent proxies have those extra proxy headers, HTTP_VIA and the others.

Yep, a transparent has proxy headers attached.

can you hit me up plase?

I'm going to have lunch in a minute. I'll be online in 2 hours or so :)

but anonymous proxies has those headers too, only they hide the user's ip address:


Transparent Proxies
They do not hide information about your IP address:

REMOTE_ADDR = proxy IP
HTTP_VIA = proxy IP
HTTP_X_FORWARDED_FOR = your IP

The function of such proxy servers is not the improvement of your anonymity in Internet. Their purpose is information cashing, organization of joint access to Internet of several computers, etc.

Anonymous Proxies
All proxy servers, that hide a client?s IP address in any way are called anonymous proxies

Simple Anonymous Proxies

These proxy servers do not hide a fact that a proxy is used, however they replace your IP with its own:
REMOTE_ADDR = proxy IP
HTTP_VIA = proxy IP
HTTP_X_FORWARDED_FOR = proxy IP

These proxies are the most widespread among other anonymous proxy servers.

Distorting Proxies

As well as simple anonymous proxy servers these proxies do not hide the fact that a proxy server is used. However a client?s IP address (your IP address) is replaced with another (arbitrary, random) IP:

REMOTE_ADDR = proxy IP
HTTP_VIA = proxy IP
HTTP_X_FORWARDED_FOR = random IP address

High Anonymity Proxies
These proxy servers are also called "high anonymity proxy". In contrast to other types of anonymity proxy servers they hide a fact of using a proxy:

REMOTE_ADDR = proxy IP
HTTP_VIA = not determined
HTTP_X_FORWARDED_FOR = not determined



I need to be able to distinguish between 3 cases:
1 - Transparent proxy hit ( - with this kind of hit I do nothing )
2 - Anonymity proxy hit ( - this kind of hit I want to block )
3 - High anonymity proxies or No proxy hit ( - no way to tell - let it go )

There is actually a way to tell High anonymity proxies too. I made a script back when I used to run TGP's that worked pretty well. It wasn't 100%, but it caught a majority of them.

what did you use in order to distinguish a trasparent proxy hit from an anonymous proxy hit?
or distinguish a non proxy hit, from a anonymous or high anonymous hit?

If this is for trading then you'll probably have to do more sophisticated long term analysis. Even if you can detect "anonymous" proxies (and many will NOT have any headers to suggest they're a proxy) there is no easy way to detect a load coming from a compromised Winbox. It's not a simple task, it cannot be done in real time with only the IP and headers of the request as parameters.

thanks but I don't need anything sophisticated at this point.

I really only need to be able to distinguish between 3 cases:
1 - Transparent proxy hit
2 - Anonymity proxy hit
3 - Everything else

how did you do this?

---->bump

What's the difference between a proxy and any random IP?

very good question

What's the difference between a regular proxy and any random IP?