How to Detect Proxies on Your Website
(PHP, Node.js, Go Examples)
April 15, 20258 min read
Table of Contents
Why Detect Proxies?
Proxies are intermediaries. While used for privacy, they are the primary tool for bad actors to bypass IP bans, rate limits, and geo-restrictions.
Method 1: Checking Headers
Some "transparent" proxies leak their presence via HTTP headers. You can check for:
- HTTP_VIA
- HTTP_X_FORWARDED_FOR
- HTTP_FORWARDED
Note: Elite/Anonymous proxies strip these headers, so this method is only 20% effective.
Method 2: Using IP Intelligence API
The only robust way is to check the IP against a database of known proxy exit nodes.
Code Snippets
PHP
$ip = $_SERVER['REMOTE_ADDR'];
$json = file_get_contents("https://api.ipasis.com/v1/lookup?ip={$ip}&key=YOUR_KEY");
$data = json_decode($json, true);
if ($data['is_proxy'] === true) {
die("Access Denied: Proxy Detected");
}JavaScript (Node.js)
const https = require('https');
https.get(`https://api.ipasis.com/v1/lookup?ip=${req.ip}`, (res) => {
let data = '';
res.on('data', (chunk) => { data += chunk; });
res.on('end', () => {
const result = JSON.parse(data);
if (result.is_proxy) {
console.log("Proxy blocked");
}
});
});FAQs
Are all proxies bad?
No. Corporate firewalls act as proxies. However, for B2C sites, a proxy usually indicates an attempt to hide identity.