How To Detect Proxy Users

How To Detect Proxy Users
  • Published: December 23, 2022

Detecting users who are using a proxy can be important for a variety of reasons, such as security, compliance, or even just to better understand your user base. There are a few different ways that you can go about detecting proxy usage, and in this blog post, we'll explore some of the most common methods.

First, it's important to understand what a proxy is and how it works. A proxy is a server that acts as an intermediary between a client and another server. When a client makes a request to a server, the proxy receives the request and forwards it to the destination server (for example, your website). The destination server then responds to the proxy, which in turn sends the response back to the client. This process allows the client to remain anonymous to some degree.

Now, let's look at some of the ways that you can detect whether a user is using a proxy.

Method 1: Check the HTTP headers of the request

One way to detect proxy usage is to check the HTTP headers of the request. Proxy servers will often add their special headers to the request, such as Forwarded or X-Forwarded-For, which can indicate that the request has been forwarded through a proxy. Proxies that add such headers are usually called "transparent". Not all proxy servers are transparent and these headers may not be present, so this method is not very reliable.

Headers that indicate the use of a proxy are:

  • X-Forwarded-For
  • Forwarded-For
  • Forwarded
  • Via

Please note that such headers can also be added by other intermediaries, such as load balancers or content delivery networks (CDNs), so it's important to consider this in context.

Method 2: Use the Focsec Proxy Detection API to identify proxies

Focsec provides a easy to use API for checking if a IP address belongs to a known proxy server. Using the Focsec Proxy Detection API is a reliable way of checking if the IP address belongs to a known proxy server. We suggest using the Proxy Detection API along with the methods to further improve proxy detection.

Method 3: DNS records (Reverse DNS Lookup)

Another way to potentially detect proxy usage is to reverse check the DNS records for the requesting IP address. A reverse DNS lookup is a process of querying a DNS server to determine the domain name associated with an IP address. Proxies will often have their own DNS records, which can be used to identify them. However, this method is not always reliable, as some legit IPs will also have a DNS record.

Method 4: Check for known open proxy ports

If the request is coming from a proxy server, that proxy server will likely have open ports that allow the real user to connect to the proxy server. Typical ports used by proxy servers are:

  • Port 80
  • Port 8080
  • Port 8000
  • Port 443

Some less frequently used ports on proxy servers are:

  • Port 1080
  • Port 4444
  • Port 4445
  • Port 8118
  • Port 8128
  • Port 8388
  • Port 8580
  • Port 8998
  • Port 9050
  • Port 9051

Please note that the proxy server could be using any other open number, this is just a list of commonly used proxy ports.

Want to detect VPNs, Proxies, TOR, Bots, Hackers and more?

The Focsec API detects VPNs, TOR, Proxies and Bots. It helps prevent fraud and protect against suspicious logins and attacks.

Read more »