Any Internet provider is a proxy server. Tracking will not work in any way, only if the proxy itself does not say that someone connected through it, and it is just a proxy. In general, it will not give anything good, only if it does not cut off really normal users. It is best to catch ill-fated requests with firewalls, but not to kill for using a proxy, but simply according to the usual rules (port scanning, a large number of connections, and the like).
PS Itself 3 years constantly edited rules on a fayervol that everything worked accurately and normal users did not kill.

Well something like to forbid the Apache to climb on the 80th port outside will roll?

Any of the iptables extensions? For example:
owner
This module attempts to match various characteristics of the packet creator, for locally-generated packets. It is only valid in the OUTPUT chain, and even this some packets (such as ICMP ping responses) may have no owner, and hence never match.
--uid-owner userid
Matches if the packet was created by a process with the given effective user id.
--gid-owner groupid
Matches if the packet was created by a process with the given effective group id.
--pid-owner processid
Matches if the packet was created by a process with the given process id.
--sid-owner sessionid
Matches if the packet was created by a process in the given session group.
--cmd-owner name
Matches if the packet was created by a process with the given command name. (this option is present only if iptables was compiled under a kernel supporting this feature)

Look at the ratio of incoming / outgoing traffic. A proxy will have a lot of incoming compared to a regular site.

log analysis, maybe something automated, there will be many packets in this case, and traffic from one host and many requests from the server to external resources as well.
PS recently providers issue white IPs to clients.
iptables\apache

If it's not critical, you can disable allow_url_fopen.