How to detect web proxy services?

Intro

Web proxy servers are web services that make web requests on a user’s behalf. They differ from VPNs and public proxies in that they are simple web-based proxies used through a website, rather than proxies that operate at the IP address and port level.

Uses for web proxy servers

A web proxy server functions simply as a website which allows you to view another website within it. There will usually be a textbox field where you can key in which website you want to visit. The web proxy website will then fetch your desired website using its own IP address, which hides your IP address from the destination website. As with all proxies, anyone using them could be up to no good. Protect your website by detecting when someone is using a web proxy to purchase items from your online store.

Using IP2Proxy to detect web proxy servers

First of all, download the IP2Proxy PX11 CSV database from https://www.ip2location.com/database/px11-ip-proxytype-country-region-city-isp-domain-usagetype-asn-lastseen-threat-residential-provider.

Once you have downloaded the zipped file, you will need to extract the IP2PROXY-IP-PROXYTYPE-COUNTRY-REGION-CITY-ISP-DOMAIN-USAGETYPE-ASN-LASTSEEN-THREAT-RESIDENTIAL-PROVIDER.CSV file and save it somewhere, e.g. C:\mydata\.

For this example, we’ll be using MySQL to store and query the data via PHP.

To create the database and table, use the SQL below:

CREATE DATABASE ip2proxy;
USE ip2proxy;
CREATE TABLE `ip2proxy_px11`(
    `ip_from` INT(10) UNSIGNED,
    `ip_to` INT(10) UNSIGNED,
    `proxy_type` VARCHAR(3),
    `country_code` CHAR(2),
    `country_name` VARCHAR(64),
    `region_name` VARCHAR(128),
    `city_name` VARCHAR(128),
    `isp` VARCHAR(256),
    `domain` VARCHAR(128),
    `usage_type` VARCHAR(11),
    `asn` VARCHAR(6),
    `as` VARCHAR(256),
    `last_seen` INT(10),
    `threat` VARCHAR(128), 
    `provider` VARCHAR(256), 
    PRIMARY KEY (`ip_from`, `ip_to`)
) ENGINE=MyISAM DEFAULT CHARSET=utf8 COLLATE=utf8_bin;

Next, import the data using the SQL below:

LOAD DATA LOCAL
INFILE 'C:\\mydata\\IP2PROXY-IP-PROXYTYPE-COUNTRY-REGION-CITY-ISP-DOMAIN-USAGETYPE-ASN-LASTSEEN-THREAT-RESIDENTIAL-PROVIDER.CSV'
INTO TABLE `ip2proxy_px11`
FIELDS TERMINATED BY ','
ENCLOSED BY '"'
LINES TERMINATED BY '\n';

In your PHP webpage, add the following code (remember to change the MySQL username and password to your own):

<?php
// Address of the connecting client as seen by the web server.
$ipaddress = $_SERVER['REMOTE_ADDR'] ?? '';

$host = "localhost";
$dbname = "ip2proxy";
$user = "your_username";
$pwd = "your_password";

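// Convert a dotted IPv4 address to its IP number.
// Returns 0 for empty, malformed or IPv6 input, since the table only holds IPv4 ranges.
function Dot2LongIP ($IPaddr) {
  if (filter_var($IPaddr, FILTER_VALIDATE_IP, FILTER_FLAG_IPV4) === false) {
    return 0;
  }
  $ips = explode(".", $IPaddr);
  return ($ips[3] + $ips[2] * 256 + $ips[1] * 256 * 256 + $ips[0] * 256 * 256 * 256);
}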

try {
  $pdo = new PDO('mysql:host=' . $host . ';dbname=' . $dbname . ';charset=utf8', $user, $pwd);
  $pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
  
  $sql = "select `ip_from`, `ip_to`, `proxy_type`, `country_code`, `country_name`, `region_name`, `city_name`, `isp`, `domain`, `usage_type`, `asn`, `as`, `last_seen`, `threat`, `provider` ";
  $sql .= "from `ip2proxy_px11` where :ipnum between `ip_from` and `ip_to` limit 1";
  
  $st = $pdo->prepare($sql);
  $ipnum = Dot2LongIP($ipaddress);
  $st->bindParam(':ipnum', $ipnum, PDO::PARAM_STR);
  $st->execute();
  
  $data = $st->fetchAll(PDO::FETCH_ASSOC);
  
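  // Check the fetched rows directly; rowCount() is not guaranteed for SELECT statements.
  if (!empty($data) && ($data[0]["proxy_type"] == "WEB")) {
    // Escape database values (e.g. an ISP name containing "&") before writing them into HTML.
    echo "IP: " . $ipaddress . " is a web proxy server<br />\n";
    echo "Proxy Type: " . htmlspecialchars($data[0]["proxy_type"]) . "<br />\n";
    echo "Country Code: " . htmlspecialchars($data[0]["country_code"]) . "<br />\n";
    echo "Country Name: " . htmlspecialchars($data[0]["country_name"]) . "<br />\n";
    echo "Region: " . htmlspecialchars($data[0]["region_name"]) . "<br />\n";
    echo "City: " . htmlspecialchars($data[0]["city_name"]) . "<br />\n";
    echo "ISP: " . htmlspecialchars($data[0]["isp"]) . "<br />\n";
    echo "Domain: " . htmlspecialchars($data[0]["domain"]) . "<br />\n";
    echo "Usage Type: " . htmlspecialchars($data[0]["usage_type"]) . "<br />\n";
    echo "ASN: " . htmlspecialchars($data[0]["asn"]) . "<br />\n";
    echo "AS: " . htmlspecialchars($data[0]["as"]) . "<br />\n";
    echo "Last Seen: " . htmlspecialchars((string) $data[0]["last_seen"]) . "<br />\n";
    echo "Threat: " . htmlspecialchars($data[0]["threat"]) . "<br />\n";
    echo "Provider: " . htmlspecialchars($data[0]["provider"]) . "<br />\n";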
  }
  else {
    echo "IP: " . $ipaddress . " is NOT a web proxy server<br />\n";
  }
}
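catch(PDOException $e) {
  // Log the details server-side; the exception text can reveal database internals to visitors.
  error_log("IP2Proxy lookup failed: " . $e->getMessage());
  echo "Error: proxy lookup is currently unavailable<br />\n";
}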

?>

The PHP code above gets the website visitor’s IP address and converts it to the equivalent IP number before querying the MySQL server for the results. If the IP address is found in the table and the proxy type is WEB then that IP address is a web proxy server. The table stores IPv4 ranges as 32-bit IP numbers, so this lookup covers IPv4 visitors only.
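
The same lookup written as a reusable function, as an added example that is not part of the original article. SQLite in memory stands in for the MySQL table so the script runs offline, the rows are constructed sample data in documentation address ranges, and ipToNumber and findWebProxy are hypothetical names. It also accepts the IPv4-mapped form (::ffff:a.b.c.d) that a dual-stack server can report and returns no match for IPv6 input.

```php
<?php
// Added example, assumes 64-bit PHP with pdo_sqlite. SQLite in memory stands in for MySQL.
// Table rows are constructed sample data (RFC 5737 documentation ranges), not IP2Proxy data.

// Convert dotted IPv4 (or IPv4-mapped IPv6) to its IP number; null when the input is not IPv4.
function ipToNumber(string $ip): ?int {
    if (stripos($ip, '::ffff:') === 0) {
        $ip = substr($ip, 7);            // ::ffff:192.0.2.10 -> 192.0.2.10
    }
    if (filter_var($ip, FILTER_VALIDATE_IP, FILTER_FLAG_IPV4) === false) {
        return null;
    }
    [$a, $b, $c, $d] = array_map('intval', explode('.', $ip));
    return $a * 16777216 + $b * 65536 + $c * 256 + $d;
}

// Return the matching row only when the address falls in a range listed as proxy_type WEB.
function findWebProxy(PDO $pdo, string $ip): ?array {
    $ipnum = ipToNumber($ip);
    if ($ipnum === null) {
        return null;                     // IPv6 or malformed: the IPv4 table cannot answer
    }
    $st = $pdo->prepare(
        'SELECT proxy_type, country_code, provider FROM ip2proxy_px11
          WHERE :ipnum BETWEEN ip_from AND ip_to LIMIT 1'
    );
    $st->bindValue(':ipnum', $ipnum, PDO::PARAM_INT);
    $st->execute();
    $row = $st->fetch(PDO::FETCH_ASSOC);
    return ($row !== false && $row['proxy_type'] === 'WEB') ? $row : null;
}

$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE ip2proxy_px11 (ip_from INTEGER, ip_to INTEGER, proxy_type TEXT,
            country_code TEXT, provider TEXT, PRIMARY KEY (ip_from, ip_to))');
$pdo->exec("INSERT INTO ip2proxy_px11 VALUES
            (3221225984, 3221226239, 'WEB', 'US', 'Example Web Proxy'),
            (3325256704, 3325256959, 'VPN', 'DE', 'Example VPN')");

$samples = ['192.0.2.10', '::ffff:192.0.2.10', '198.51.100.7', '203.0.113.5', '2001:db8::1'];
foreach ($samples as $ip) {
    $hit = findWebProxy($pdo, $ip);
    echo $ip, ' => ', $hit ? 'WEB proxy: ' . $hit['provider'] : 'not listed as WEB', "\n";
}
```

Returning the row or null lets a checkout handler decide what to do with a match, for example holding the order for manual review.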
