How to Block Proxy Servers via htaccess
Published Sunday, April 20, 2008 @ 4:38 pm • 18 Responses
Not too long ago, a reader going by the name of bjarbj78 asked about how to block proxy servers from accessing her website. Apparently, bjarbj78 had taken the time to compile a proxy blacklist of over 9,000 domains, only to discover afterwards that the formulated htaccess blacklisting strategy didn’t work as expected:
deny from proxydomain.com proxydomain2.comBlacklisting proxy servers by blocking individual domains seems like a futile exercise. Although there are a good number of reliable, consistent proxy domains that could be blocked directly, the vast majority of such sites are constantly changing. It would take a team of professionals working around the clock just to keep up with them all.
As explained in my reply to bjarbj78’s comment, requiring Apache to process over 9,000 htaccess entries for every request could prove disastrous:
The question is, even if you could use htaccess to block over 9,000 domains, would you really want to? If you consider the potential performance hit and excessive load on server resources associated with the perpetual processing of such a monstrous list, it may inspire you to seek a healthier, perhaps more effective alternative..
A better way to block proxy servers
Rather than attempt to block proxy servers by who they are (i.e., via their specified domain identity), it is far more expedient and effective to block proxy servers by what they do. By simply blacklisting the various HTTP protocols employed by proxy servers, it is possible to block virtually all proxy connections. Here is the code that I use for stopping 99% of the proxies that attempt to access certain sites:
# block proxy servers from site access
# http://perishablepress.com/press/2008/04/20/how-to-block-proxy-servers-via-htaccess/
RewriteEngine on
RewriteCond %{HTTP:VIA} !^$ [OR]
RewriteCond %{HTTP:FORWARDED} !^$ [OR]
RewriteCond %{HTTP:USERAGENT_VIA} !^$ [OR]
RewriteCond %{HTTP:X_FORWARDED_FOR} !^$ [OR]
RewriteCond %{HTTP:PROXY_CONNECTION} !^$ [OR]
RewriteCond %{HTTP:XPROXY_CONNECTION} !^$ [OR]
RewriteCond %{HTTP:HTTP_PC_REMOTE_ADDR} !^$ [OR]
RewriteCond %{HTTP:HTTP_CLIENT_IP} !^$
RewriteRule ^(.*)$ - [F]To use this code, copy & paste into your site’s root htaccess file. Upload to your server, and test it’s effectiveness via the proxy service(s) of your choice. It may not be perfect, but compared to blacklisting a million proxy domains, it’s lightweight, concise, and very effective ;)
About this article
Related articles
- Ultimate htaccess Blacklist
- Block Spam by Denying Access to No-Referrer Requests
- How to Block IP Addresses with PHP
- Permanently Redirect a Specific IP Request for a Single Page via htaccess
- Perishable Press HTAccess Spring Cleaning, Part 2
- htaccess Combo Pack: WordPress Permalinks and non-www Redirect
- Ultimate htaccess Blacklist 2 (Compressed Version)
Dialogue
18 Responses Jump to comment form
April 21, 2008 at 10:20 am
Is this already effective? :)
I tried to read this arcticle via web-proxy without problem! :D
I thought this limitation was already implemented here for web-proxy…
April 21, 2008 at 10:55 am
I was hoping you’d eventually create an article by itself on this subject! Good advice I must say. =)
I do have one question though.. there seems to be a small difference between what you posted the other day, and what you posted here.. specifically:
RewriteCond %{HTTP:XROXY_CONNECTION} !^$ [OR]
vs.
RewriteCond %{HTTP:XPROXY_CONNECTION} !^$ [OR]
Notice the additional P? I’m just wondering if that was added on purpose.
Thanks for the input if you have any!
April 23, 2008 at 4:04 am
how I can exclude some ip’s/proxy’s from the filter?
tks.
April 24, 2008 at 12:33 am
are these conditions suppose to block sites like hidemyass.com or similar sites?
because I tried and its not blocking it.
April 24, 2008 at 8:45 am
I’m looking at this page on blocking proxy servers, using a proxy server.
I tried the code, it doesn’t seem to work for proxylord.com.
April 24, 2008 at 10:38 am
Yes, I see #3.
Is there a way to block the anonymous proxy server with the .htaccess codes?
Maybe it’s a go Daddy thing.
May 2, 2008 at 3:59 pm
Will this also block Paypal IPN? Untested on my end.. waiting for a payment to come through rather than converting all my ipn stuff to sandbox.
May 22, 2008 at 2:43 am
Hey Perishable。 I have a good idea about how to block proxy server. Cause the operation system of most proxy server are Linux but the operation system of most visitor are windows. So If we can block Linux, maybe can block most proxy server.
Trackbacks / Pingbacks
[ Comments are closed for this post. ]
If you have additional information, contact me.
← Previous post • Next post →
« The Pros and Cons of Blogging • Obsessive CSS Code Formatting: Opening and Closing Brackets »
1 • Gabry
April 21, 2008 at 8:37 am
Hello was reading your page about the htaccess file to block proxy servers from surfing my site, very interesting, but my host said that since I use FrontPage editor it might block me from editing my site, is there a way to avoid this? Thank you in advance