settings:
$block_proxy_attemts = true; // true or false
$log_proxy_attemts = true; // true or false
Code:
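# Create the detection log next to the script that will write it.
cd /var/www/ispcp/gui
touch blockedproxy.log
# owner:group is the portable chown separator; the older "owner.group" form is
# a legacy extension and is ambiguous when account names contain a dot.
chown vu2000:www-data blockedproxy.log
# 600 = read/write for the owner only; the www-data group gets no access.
# NOTE(review): PHP must run as vu2000 for the is_writable() check in
# block_proxy.php to pass. Confirm this for your setup.
# NOTE(review): this file is created inside the GUI directory; verify it cannot
# be downloaded over HTTP, or point $log_proxy_attemts_to outside the web root.
chmod 600 blockedproxy.log
nano block_proxy.php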
insert
Code:
<?php
// Settings
// When true, the check added to index.php ends the request with
// "proxy connection not allowed". When false, detections are only logged.
$block_proxy_attemts = false; // true or false
// When true, block_proxys() appends one line per detection to the file below.
// If that file is not writable, block_proxys() ends the request with an error.
$log_proxy_attemts = true; // true or false
// A relative name is resolved against the working directory of the running script.
// NOTE(review): the setup steps create this file inside the GUI directory;
// confirm it cannot be fetched over HTTP, or use a path outside the web root.
$log_proxy_attemts_to = "blockedproxy.log"; // Filename or path with filename
//
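/**
 * Checks whether the current request looks like it came through a proxy.
 *
 * Three signals are counted: presence of proxy-related request headers, a hit
 * in the Tor exit-list DNS zone, and a hit in exists_in_rbl(). When at least
 * one signal fires and $log_proxy_attemts is enabled, one line is appended to
 * $log_proxy_attemts_to.
 *
 * Limits a defender should keep in mind:
 *  - The headers are supplied by the client or by intermediaries. Their absence
 *    proves nothing, and their presence is normal when the site itself sits
 *    behind a reverse proxy, load balancer or CDN (every visitor would match).
 *  - Each call performs blocking DNS lookups, so a slow resolver slows every
 *    request that includes this file.
 *  - NOTE(review): confirm the exit-list zone queried below is still operated;
 *    a zone that stops answering silently disables that check.
 *
 * @return bool true when at least one signal fired, false otherwise.
 *              Ends the request with "Connection Logfile is not writeable"
 *              when logging is enabled and the log cannot be written.
 */
function block_proxys()
{
    // $_SERVER is a superglobal and needs no "global" declaration.
    global $log_proxy_attemts, $log_proxy_attemts_to;

    $proxy_detected = 0;
    // Must start as a string: it was previously appended to while undefined.
    $log = '';

    $blockedheaders = array(
        'HTTP_VIA',
        'HTTP_X_FORWARDED_FOR',
        'HTTP_FORWARDED_FOR',
        'HTTP_X_FORWARDED',
        'HTTP_FORWARDED',
        'HTTP_CLIENT_IP',
        'HTTP_FORWARDED_FOR_IP',
        'VIA',
        'X_FORWARDED_FOR',
        'FORWARDED_FOR',
        'X_FORWARDED',
        'FORWARDED',
        'CLIENT_IP',
        'FORWARDED_FOR_IP',
        'HTTP_PROXY_CONNECTION'
    );

    // Only the header NAME is recorded; header values never reach the log.
    foreach ($blockedheaders as $header) {
        if (isset($_SERVER[$header])) {
            $proxy_detected++;
            $log .= $header . ", ";
        }
    }

    $remote_addr = isset($_SERVER['REMOTE_ADDR']) ? (string) $_SERVER['REMOTE_ADDR'] : '';
    $server_addr = isset($_SERVER['SERVER_ADDR']) ? (string) $_SERVER['SERVER_ADDR'] : '';
    // SERVER_PORT can follow the client's Host header depending on web server
    // configuration; forcing an integer keeps the DNS query name well-formed.
    $server_port = isset($_SERVER['SERVER_PORT']) ? (int) $_SERVER['SERVER_PORT'] : 0;

    // ReverseIPOctets() only understands dotted IPv4, so the Tor lookup is
    // skipped for IPv6 or missing addresses instead of querying a garbage name.
    $remote_is_v4 = filter_var($remote_addr, FILTER_VALIDATE_IP, FILTER_FLAG_IPV4) !== false;
    $server_is_v4 = filter_var($server_addr, FILTER_VALIDATE_IP, FILTER_FLAG_IPV4) !== false;
    if ($remote_is_v4 && $server_is_v4) {
        $tor_query = ReverseIPOctets($remote_addr) . "." . $server_port . "."
            . ReverseIPOctets($server_addr) . ".ip-port.exitlist.torproject.org";
        if (gethostbyname($tor_query) === "127.0.0.2") {
            $proxy_detected++;
            $log .= "TOR exit node, ";
        }
    }

    if (exists_in_rbl()) {
        $proxy_detected++;
        $log .= "RBL, ";
    }

    if ($proxy_detected < 1) {
        return false;
    }

    if ($log_proxy_attemts) {
        // The reverse-DNS name is controlled by whoever runs the PTR zone for
        // the client address, so it is treated as untrusted before it is
        // written: anything outside hostname/address characters is replaced.
        $host = $remote_addr;
        if (filter_var($remote_addr, FILTER_VALIDATE_IP) !== false) {
            $resolved = gethostbyaddr($remote_addr);
            if (is_string($resolved) && $resolved !== '') {
                $host = $resolved;
            }
        }
        $host = preg_replace('/[^A-Za-z0-9._:\-]/', '?', $host);

        $line = date("Y-m-d H:i:s") . ": Proxy Server detected: " . $host
            . " (" . $remote_addr . ") - Info: " . $log . "\n";

        // LOCK_EX keeps concurrent requests from interleaving their lines.
        // A failed write is reported the same way as a non-writable file.
        if (!is_writable($log_proxy_attemts_to)
            || file_put_contents($log_proxy_attemts_to, $line, FILE_APPEND | LOCK_EX) === false) {
            exit("Connection Logfile is not writeable");
        }
    }

    return true;
}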
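/**
 * Looks the client address up in the configured DNS blocklists.
 *
 * The IPv4 octets are reversed and prepended to each list zone. A lookup
 * counts as a listing only when the answer is an address in 127.0.0.0/8,
 * which is how DNS blocklists encode a hit. The original accepted ANY answer,
 * so a resolver that rewrites failed lookups, or a list zone that starts
 * answering for every name, would have flagged every visitor.
 *
 * NOTE(review): confirm the zones below are still operated before relying on
 * them; an abandoned list either never matches or matches everything.
 *
 * @return bool true when at least one list returns a listing, false otherwise
 *              (including when the address is missing or not IPv4).
 */
function exists_in_rbl() {
    $rbls = array('http.dnsbl.sorbs.net', 'misc.dnsbl.sorbs.net');

    // Prefer $_SERVER (as block_proxys() does) and fall back to the
    // environment, which is what the original read.
    $remote = isset($_SERVER['REMOTE_ADDR']) ? $_SERVER['REMOTE_ADDR'] : getenv('REMOTE_ADDR');
    if (!is_string($remote)) {
        return false;
    }

    if (!preg_match("/([0-9]+)\.([0-9]+)\.([0-9]+)\.([0-9]+)/", $remote, $matches)) {
        return false;
    }

    $reversed = $matches[4] . "." . $matches[3] . "." . $matches[2] . "." . $matches[1];

    foreach ($rbls as $rbl) {
        $rblhost = $reversed . "." . $rbl;
        $resolved = gethostbyname($rblhost);

        // gethostbyname() returns its argument unchanged on failure. That case
        // is excluded first because the query name itself starts with "127."
        // whenever the client's last octet is 127.
        if ($resolved !== $rblhost && strpos($resolved, '127.') === 0) {
            return true;
        }
    }

    return false;
}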
/**
 * Returns the first four dot-separated parts of $inputip in reverse order,
 * e.g. "192.0.2.10" becomes "10.2.0.192" (the form DNS list lookups use).
 *
 * No validation is done here: callers are expected to pass dotted IPv4.
 *
 * @param string $inputip Dotted IPv4 address.
 * @return string The four octets in reverse order, joined with dots.
 */
function ReverseIPOctets($inputip)
{
    $octets = explode(".", $inputip);
    $reversed = array($octets[3], $octets[2], $octets[1], $octets[0]);

    return implode(".", $reversed);
}
Code:
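# owner:group is the portable chown separator (the "owner.group" form is legacy).
chown vu2000:www-data /var/www/ispcp/gui/block_proxy.php
# 440 = read-only for owner and group, nothing for others. The full path is
# used so the command does not depend on the current directory.
chmod 440 /var/www/ispcp/gui/block_proxy.php
nano /var/www/ispcp/gui/index.php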
Insert the following directly below the opening PHP tag "<?php":
Code:
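// require_once stops with a clear error if the filter file is missing or
// unreadable, instead of only raising a warning at the include.
require_once("block_proxy.php");
// block_proxys() is evaluated first so detections are still logged when
// $block_proxy_attemts is false (log-only mode).
if (block_proxys() == true && $block_proxy_attemts == true) {
    // Send a real denial status so logs, monitoring and caches do not record
    // the refusal as a successful page. This must run before any output.
    header('HTTP/1.1 403 Forbidden');
    exit("proxy connection not allowed");
}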
Optional additional improvement:
You can also block every country that is not listed in the array:
Code:
# Install the PHP GeoIP extension; it provides geoip_country_code_by_name(),
# which the snippet added to index.php calls.
apt-get install php5-geoip
# Restart Apache so the newly installed extension is loaded.
/etc/init.d/apache2 restart
# Open the panel's index.php to add the country check.
nano /var/www/ispcp/gui/index.php
Insert the following below the first include from above:
Code:
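// Country allow-list for the panel. The variables are prefixed so they do not
// collide with names used further down in index.php.
$geoip_allowed_countries = array("US","DE","BE","AT","NL","FR");
$geoip_country = geoip_country_code_by_name($_SERVER['REMOTE_ADDR']);
// A failed lookup returns false and is denied as well (fail closed).
// NOTE(review): addresses missing from the installed country database,
// presumably including IPv6 clients, will therefore be refused. Confirm this
// does not lock out legitimate administrators.
// Country-by-address is a coarse filter: it reduces noise but does not
// identify a user, so it should sit in front of authentication, not replace it.
if ($geoip_country === false || !in_array($geoip_country, $geoip_allowed_countries, true)) {
    // Report the refusal with a denial status; this must run before any output.
    header('HTTP/1.1 403 Forbidden');
    exit("not allowed");
}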