As you may have guessed this is a little tricky since a properly anonomous proxy cannot be sniffed out by use of headers like "via" and "ip_fordwarded_for" etc.

The only ideas that spring to mind are:

1) Testing every client that accesses the server to ensure that they aren't coming from an ip which has known proxy ports open, similar to the way some IRC servers respond on connect. Essentially you'd check if the client had obvious signs of using a proxy, if not then you'd need to run that check.

Upside is that as a detection system its foolproof and maintenance free, the downside is that I'd call proxy scanning everyone who viewed your site bad netiquette and could potentially be abused by a 3rd party, not to mention its fairly technical.

2) Maintain a list of known anonomous proxies - lots of sites like the one for multiproxy have big lists of proxies, anon or otherwise. You could merge several of these lists and get yourself a reasonable blacklist.

Upside is that this is cheap, fast and transparent to the user, the downside is that it wont be correct 100% of the time as your list will not contain every proxy, plus maintainance will be a total killer.

It should stop the very simple zero-effort attempts but it will not stop a determined person.

3) Attempt to identify common attributes of users using a proxy, either in terms of "sniffing" their traffic and picking out key elements or in terms of profiles.

Upside is that when these types of rules are well designed they are very impressive, the downside is that designing a good set takes lots of time, lots of effort and is *very* prone to false-positives if a rule is not perfect.

- Tony

Thank you very much Tony, you saved me a ton of work that would probably would go to waste