Guides » PHP

Detect VPN & Proxy IPs with PHP

Filter out VPNs, proxies, and bot traffic from your PHP application

This guide covers how to detect VPN, proxy, TOR, and bot IP addresses in PHP using cURL and the Focsec API.

Perfect for protecting login pages, checkout flows, or any endpoint where you need to identify anonymous visitors.

1

Check an IP for VPN or proxy

Use cURL to make a request to the Focsec API.

Sign up here to get your free API key.

php 
<?php

$apiKey = 'your-api-key-here';
$ipAddress = '82.40.11.200';

$ch = curl_init();
curl_setopt_array($ch, [
    CURLOPT_URL => "https://api.focsec.com/v1/ip/{$ipAddress}",
    CURLOPT_RETURNTRANSFER => true,
    CURLOPT_HTTPHEADER => [
        "Authorization: {$apiKey}"
    ]
]);

$response = curl_exec($ch);
curl_close($ch);

$data = json_decode($response, true);
print_r($data);

API Response

You'll get back a JSON object with detection results and geolocation info:

Response 
{
  "ip": "82.40.11.200",
  "is_vpn": false,
  "is_proxy": false,
  "is_bot": false,
  "is_tor": false,
  "is_datacenter": false,
  "city": "London",
  "country": "United Kingdom",
  "iso_code": "gb",
  "is_in_european_union": false,
  "flag": "šŸ‡¬šŸ‡§",
  "autonomous_system_number": 5089,
  "autonomous_system_organization": "Virgin Media Limited"
}
2

Detect suspicious IPs

Create reusable functions to check IPs and detect anonymous traffic:

php 
<?php

function checkIp(string $ip, string $apiKey): ?array
{
    $ch = curl_init();
    curl_setopt_array($ch, [
        CURLOPT_URL => "https://api.focsec.com/v1/ip/{$ip}",
        CURLOPT_RETURNTRANSFER => true,
        CURLOPT_TIMEOUT => 10,
        CURLOPT_HTTPHEADER => [
            "Authorization: {$apiKey}"
        ]
    ]);

    $response = curl_exec($ch);
    $httpCode = curl_getinfo($ch, CURLINFO_HTTP_CODE);
    curl_close($ch);

    if ($httpCode !== 200) {
        return null;
    }

    return json_decode($response, true);
}

function isSuspicious(array $data): bool
{
    return $data['is_vpn']
        || $data['is_proxy']
        || $data['is_tor']
        || $data['is_bot']
        || $data['is_datacenter'];
}

// Usage
$apiKey = 'your-api-key-here';
$visitorIp = $_SERVER['REMOTE_ADDR'];

$result = checkIp($visitorIp, $apiKey);

if ($result && isSuspicious($result)) {
    echo "VPN/Proxy detected: " . $result['ip'];
} else {
    echo "Clean IP: " . $result['ip'];
}
3

Block VPNs on sensitive pages

Protect login or checkout pages by blocking anonymous connections:

php 
<?php

function blockVpnUsers(string $apiKey): void
{
    $visitorIp = $_SERVER['REMOTE_ADDR'];
    $result = checkIp($visitorIp, $apiKey);

    if ($result && isSuspicious($result)) {
        http_response_code(403);
        header('Content-Type: application/json');
        echo json_encode([
            'error' => 'VPN or proxy detected. Please disable to continue.'
        ]);
        exit;
    }
}

// Use on protected pages
$apiKey = 'your-api-key-here';

// Block VPNs on checkout
if (str_starts_with($_SERVER['REQUEST_URI'], '/checkout')) {
    blockVpnUsers($apiKey);
}

// Your page logic continues here...

Next steps

Your PHP application can now detect and block VPN and proxy users. Check out the API Reference for all available fields and options.

Other Guides

Resources

Ready to get started?

Sign up for a free account and start detecting VPNs, proxies, and bots in your application.

Get your API key »