How to Detect Proxies with PHP

Detect proxies with a simple PHP test to determine if a user is hiding behind a proxy connection.

PHP developers and webmasters are bound to come across the pesky task of detecting proxies to prevent fraudsters, spammers, scrapers, bots, and other malicious users that use proxies to cause mayhem. Managing fraud is an ongoing battle but there are easy ways to block proxies and detect high risk users with both PHP and JavaScript languages. Lets explore some methods that we can implement for proxy detection with PHP.

A great technique for detecting proxies with PHP is to test for HTTP proxy headers that are commonly passed by users behind a proxy or VPN connection. The example code below provides a quick test that can be performed with PHP code to detect if the user has an HTTP header value that is commonly associated with a proxy connection. It works best for detecting transparent proxies.

There are a few caveats to implementing this proxy test. It should be noted that performing this test is not a complete solution and will not detect anonymous proxies or elite proxies, as these connections hide proxy headers and other footprints that would indicate the connection was made through a proxy server. Through extensive testing, we have also noticed that the PHP proxy detection test below may cause some false-positives as legitimate traffic from cellular networks and select ISPs may pass these proxy headers with a perfectly valid connection. So test appropriately with your traffic before implementing into a production environment.

Detect Proxies with a PHP Header Test
$test_HTTP_proxy_headers = array(
'HTTP_X_CLUSTER_CLIENT_IP', 'FORWARDED_FOR_IP', 'HTTP_PROXY_CONNECTION'); foreach($test_HTTP_proxy_headers as $header){ if (isset($_SERVER[$header]) && !empty($_SERVER[$header])) {
exit("Please disable your proxy connection!");
} }

The header proxy test is a great foundation for proxy detection but performing a port scan upon the IP address with PHP is another useful trick for detecting proxies. Once again, this method can trigger false positives as proxy detection is not an easy feat. Some users that operate web cameras, game servers, or just like to access their computer remotely may legitimately have open ports on their network. The ports below are all commonly used by proxy servers.

Detect Proxies with a PHP Port Scan Test
	$proxy_ports = array(80,81,8080,443,1080,6588,3128);
	foreach($proxy_ports as $test_port) {
		if(@fsockopen($_SERVER['REMOTE_ADDR'], $test_port, $errno, $errstr, 5)) {
			exit("Please disable your proxy connection!");

The code above performs a test on each port in the array to see if the IP address is reachable from your server. You can add or remove ports that will be scanned to increase your chances of blocking proxies. If the port is reachable, there is a strong probability that the IP address is a proxy connection and is allowing external traffic to tunnel through the open port. If you are using a firewall on your server such as ConfigServer Firewall, it is important to note that you must open the ports above in your approved outgoing port connections for the test to successfully connect on each port. Its strongly unlikely that regular internet users would have these ports open on their network, however technologically advanced users are more likely to have open ports due to running software and programs that require it.

The header test and port scan methods discussed above serve as a great foundation to block proxies with PHP, however complete proxy detection is a tricky accomplishment and ultimately the best solution is a proxy detection API service. The benefits of using a third party API service include not having to constantly manage your proxy detection algorithms to keep up with the latest fraud trends, avoiding false positive connections so legitimate traffic is not penalized, comprehensive proxy blocking which includes more unique tests than can be performed with publicly known methods like those included above, and less headaches from spammers and fraudsters that can seriously impact profits and ROI. Leverage the data of a well tested system that can avoid false-positives and accurately detect the newest and stealthiest proxies.

Implementing proxy detection via our API service is quite easy and can be added in just a few minutes. The PHP code below will quickly integrate this service into your site.

PHP Proxy Detection API Integration Example
    $key = 'YOURAPIKEY';
$strictness = 1;
$result = json_decode(file_get_contents(sprintf('', $key, $ip, $strictness)), true);
if($result !== null){
if(isset($result['proxy']) && $result['proxy'] == true){
// Perform your business logic here
// exit("Please disable your proxy connection!");
IPQualityScores Proxy Detection Service Accurately Blocks Proxies in Real-time

Test IPQS proxy detection API service with 5,000 free monthly queries and see if the service is a good fit for your websites, apps, or business! Create a free account to generate an API key and instantly join the fight against fraud. It only takes a few minutes to integrate the service and immediately block proxy & VPN traffic. Once the system is integrated, all high risk connections including those from proxies, VPNs, Tor, and bots will be detected in real-time. Abusive users and fraudulent behavior will immediately drop as fraudsters are proactively blocked.

API Access

Full API Access

Detailed Reports & Stats

Detailed Reports & Stats

Mass Check Records

Export Data & Batch Check CSVs

Ready to eliminate fraud?

Start fighting fraud in minutes!

Questions? Call us at 1 (800) 713-2618

Sign Up »

Get Started with 5,000 Free Lookups Per Month!