How to track a user behind a proxy or vpn?

R

Roman Bogachev2016-02-01 01:02:48

Nginx

Roman Bogachev, 2016-02-01 01:02:48

Purpose: to monitor and block access to the site (show a stub) if the user is sitting through a proxy or VPN.
I understand that it is necessary to disassemble MSS and MTU and, based on this, issue or block access to the site, but unfortunately I have no idea how to implement this yet.
Share tips or examples on this subject, please.
Read: https://habrahabr.ru/post/216295/ and about p0f

Reply

Answer the question

In order to leave comments, you need to log in

3 answer(s)

V

Vladimir Dubrovin, 2016-02-01
@YangAngel

There are a lot of ways to detect proxies - by the Via, X-Forwared-For, Forwarded headers, the modified Accept: header, by different caching algorithms from browsers, by limit conditions (restrictions on the length of the header, URI, maximum request size), by splitting the request into packets (somewhere the entire POST request goes in one packet, somewhere separately there is a header including a line feed, somewhere excluding the header). But keep in mind that a bunch of legitimate clients, especially corporate ones, can sit behind a proxy.
VPN detection is also possible, but you will get a lot of falls, because. in fact, connection technologies such as PPTP, PPPoE, L2TP, and various point-to-point connections are indistinguishable from VPN, and customers of many providers access the Internet through these types of connections.
Most likely, you do not need to block by connection technology, but to determine the known IP address ranges of VPN providers and proxy services.

D

Dimonchik, 2016-02-01
@dimonchik2013

behind the proxy - proxyjudge script, it also indirectly determines the VPN,
but the fact is that many normal people also sit behind the proxy, so only by indirect methods

Z

zooks, 2016-02-01
@zooks

No way.