website security -- keeping unwanted people out

script to block proxies, and translation services

londrum

10:58 pm on Dec 8, 2007 (gmt 0)




i'm one of those paranoid people who don't like people visiting my site through proxies, and i don't like people using translation services like babelfish either, in case they rip the whole lot and copy it into their own language. (yes, i know, i'm paranoid... that's what happens when you've been reading incredibill's blog for six months!)

and i've been hunting around for a simple little PHP script which blocks proxies. and they are pretty hard to find. the only ones out there don't do much.
but i reckon i've got one that finally does the job.

it will defeat a proxy which sticks your url on the end of its own, with something like

http://www.nastyproxy.com/index.php?page=http://www.yoursite.com

and it will also defeat a proxy which completely rewrites your url.
and it stops people visiting your site through all the major translation services.

just stick this at the top of all your pages...

<?php

// this bit blocks VERY basic proxy servers, and translation services
if (isset($_SERVER['HTTP_X_FORWARDED_FOR'])) {
    header('HTTP/1.1 503 Service Unavailable');
    print("<html><head>\n");
    print("<title>Error</title>\n");
    print("</head><body>\n");
    print("<p>This page has been left intentionally blank.</p>\n");
    print("</body></html>\n");
    exit;
}

// this bit blocks generated URLs containing the phrase =http
if (stristr($_SERVER['REQUEST_URI'], '=http')) {
    header('HTTP/1.1 503 Service Unavailable');
    print("<html><head>\n");
    print("<title>Error</title>\n");
    print("</head><body>\n");
    print("<p>This page has been left intentionally blank.</p>\n");
    print("</body></html>\n");
    exit;
}

// this bit blocks proxies that alter the URL so your sitename doesn't appear
// but i included localhost so it still works on your testing server
if ((!stristr($_SERVER['REQUEST_URI'], 'localhost')) || (!stristr($_SERVER['REQUEST_URI'], 'your-sitename'))) {
    return;
} else {
    header('HTTP/1.1 503 Service Unavailable');
    print("<html><head>\n");
    print("<title>Error</title>\n");
    print("</head><body>\n");
    print("<p>This page has been left intentionally blank.</p>\n");
    print("</body></html>\n");
    exit;
}

?>

remember to change the broken pipes for full pipes, because this forum changes them when you post

[edited by: londrum at 11:35 pm (utc) on Dec. 8, 2007]

henry0

11:20 pm on Dec 8, 2007 (gmt 0)




Thank you
sounds good!

I would like to know how you have been able to figure out how good a watchdog it is

londrum

11:38 pm on Dec 8, 2007 (gmt 0)




actually... i think it still needs a bit of work. maybe someone can help us out

PHP_Chimp

11:58 am on Dec 10, 2007 (gmt 0)




A problem with your script is that you are assuming that the $_SERVER['REQUEST_URI'] = 'http://www.nastyproxy.com/index.php?page=http://www.yoursite.com'

But that is not the request passed to your site, as unless you also operate www.nastyproxy you have no control over their URLs. They are using the $_GET['page'] to redirect to your site and passing you a valid URL.

The $_SERVER['REQUEST_URI'] will contain something like '/' or '/some_page.php'. So you can't search for '=http', 'localhost', or 'your_site' in there.

The $_SERVER['HTTP_REFERER'] would be a good place to start, although this is often blank or spoofed.

It's an interesting problem. So I'm going to have a think and will let you know if I have any inspiration. Although I suspect that there is no easy answer that will actually work in the majority of cases.
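
Added example, not written by any poster in this thread: it replays the three checks from the opening script against constructed $_SERVER arrays, to show what the reply above describes, namely that REQUEST_URI only ever holds the path requested from your own site. The function name first_blocking_check, the IP addresses and the paths are assumptions made for illustration.

```php
<?php
// Added example: all request data below is constructed, not captured traffic.

// Returns the name of the first check that would send the 503, or null if none does.
function first_blocking_check(array $server, string $site = 'your-sitename'): ?string
{
    $uri = $server['REQUEST_URI'] ?? '';

    // Check 1: any request carrying X-Forwarded-For is refused.
    if (isset($server['HTTP_X_FORWARDED_FOR'])) {
        return 'X-Forwarded-For present';
    }
    // Check 2: looks for "=http" in the path and query sent to THIS site.
    if (stristr($uri, '=http') !== false) {
        return '=http in REQUEST_URI';
    }
    // Check 3, with the same logic as the posted script: the 503 branch is
    // only reached when BOTH strings occur in REQUEST_URI.
    if (!(stristr($uri, 'localhost') === false || stristr($uri, $site) === false)) {
        return 'localhost and site name in REQUEST_URI';
    }
    return null;
}

$requests = [
    'direct visit' =>
        ['REQUEST_URI' => '/some_page.php', 'REMOTE_ADDR' => '198.51.100.7'],
    // The proxy's own ?page=http://... URL stays on the proxy; your site is just asked for the page.
    'via URL-rewriting web proxy' =>
        ['REQUEST_URI' => '/some_page.php', 'REMOTE_ADDR' => '203.0.113.20'],
    'via proxy that adds the header' =>
        ['REQUEST_URI' => '/', 'REMOTE_ADDR' => '203.0.113.21',
         'HTTP_X_FORWARDED_FOR' => '198.51.100.7'],
    // An ordinary visitor following one of the site's own links that carries a URL parameter.
    'direct visit, own link with URL' =>
        ['REQUEST_URI' => '/out.php?to=http://example.org/', 'REMOTE_ADDR' => '198.51.100.7'],
];

foreach ($requests as $label => $server) {
    $hit = first_blocking_check($server);
    printf("%-34s %s\n", $label, $hit === null ? 'allowed' : "503 ($hit)");
}
```

Only the header check reacts to a proxy here, and the =http check fires on a direct visitor instead; running it on a test server shows which of your own URLs would be refused before the script goes on live pages.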