incrediBILL - 2:03 pm on Mar 19, 2012 (gmt 0)
That piece of code will block a lot of innocent visitors and the payout for blocking proxies is very small.
Lots of scrapers use a wide list of proxy IPs to avoid detection and blocking proxies is the only way to disable their operations. Proxies also trick Google and other spiders to crawl via proxies which is how 302 hijacking occurs, but the solution there was to validate the spider IP properly instead of blocking the proxy.
However, the solution here is just like with any other firewall code, you have to make exceptions such as whitelisting the IP of the XML generator. If you want to block proxies you can either go the hard route and try to maintain a blacklist of proxy IPs, a never ending battle and time consuming, or simply whitelist this XML generator and anything else that gets snared by the proxy block, which is an infinitely shorter list.
To solve the problem with the code posted above, change it to check if the IP is the XML generator, else test for proxy and then die violently.
A more elegant approach would be test for a proxy and if the test is true, offer a captcha to see is a human is at the keyboard, don't just die();