Add A Block Proxie

[Lindsey_]

I would like to see this in IPB 3.x.x.

Some type of setting that will block proxies on your forum

[bfarber]

How would you know it's a proxy visiting?


ETA - I know there are different methods of trying to determine if a visitor is coming through a proxy, but I'm curious just how easy people think this is to do reliably, and without requiring us to spend hours every single day adding IP addresses to proxy lists manually.

[.Ryan]

Can't you check the header or where the site is being referred from. Although this would be nice, it would be unreliable and prevent some users from viewing the forum. Would have to have a special page that lets the use know they have been denied access due to a proxy, and the option to send a message to the administrator to add there IP to an "allow" list.

Instead you could have something that blocks all IPs on a black list from viewing the site, not just logging in and registering. In addition to the ban filters.

[bfarber]

Can't you check the header or where the site is being referred from. Although this would be nice, it would be unreliable and prevent some users from viewing the forum.

Check which header?
You can check the referrer header, but I've seen more than once where it's simply not populated by the webserver itself. Especially on IIS (I don't know why either, because not all IIS installations do this).

This would be extremely unreliable, and indeed would block users from viewing the forums.

FURTHER, you can set anything you want as the referrer by modifying your headers (I frequently use a program called LiveHTTPHeaders) and many proxies set the proper referrer header to get past any referrer checks.

Ultimately, this setp would be useless.

Would have to have a special page that lets the use know they have been denied access due to a proxy, and the option to send a message to the administrator to add there IP to an "allow" list.

Would be a lot of maintenance, and probably make a lot of disgruntled visitors.

Also, what about valid users that require a proxy? At my old job, we were blocked from some sites, but were able to change IE settings. :rolleyes: So we'd just set an open proxy to get to a site we wanted to visit.

Instead you could have something that blocks all IPs on a black list from viewing the site, not just logging in and registering. In addition to the ban filters.

So, you propose that someone (I'm going to guess that you'd propose IPS in this instance) maintain a black list of proxies? I think this would be out of our reach.

[.Ryan]

So, you propose that someone (I'm going to guess that you'd propose IPS in this instance) maintain a black list of proxies? I think this would be out of our reach.

You didn't get my point. No like there is a box or something that could have special settings attached to it. So if a user with an IP that matches one in the box gets redirected to a special page that says what the admin can customize it to say. Or have it built into the ban filters, and have a "rule" attached to it.

So if I mark someone that is a spam IP and they login it redirects them to a page or follows an action that I tell it to do. That page the admin can customize text or something. Or something if they got banned a reason why or something, ect. Follow me?

The black list admins can maintain themselves...

[bfarber]

Well, in that case the feature is already there.

You add whatever IPs you want to the ban filter list (the blacklist that admins can maintain) and then customize the error message that is displayed when an IP matches one in the ban filter list.

If that were the extent of the proposal, there's nothing that needs to be added?

[.Ryan]

Well, in that case the feature is already there.

You add whatever IPs you want to the ban filter list (the blacklist that admins can maintain) and then customize the error message that is displayed when an IP matches one in the ban filter list.

If that were the extent of the proposal, there's nothing that needs to be added?

Yes know you can add IPs, ect to the ban filter but here's what I think I am talking about....

So you have e-mails, IPs, and usernames banned. When someone with a banned IP views the site are they blocked, or just from login and registering? Anyways under the ban management section in the ACP there would be a link that says "Ban Filter Rules" or something similar, where you can manage existing rules or create a new rule.

So I create a new rule, and for this rule anybody using the IP between x and x gets re-directed to page http://x on my site and it says blah... Or does board already handle "custom" ban rules for IP, e-mail, and username that can I just edit the language files? See what I mean, maybe this is more of a modification or something.

[henke37]

The most obvious header is the one that the http rfc requires proxies to send, the "via" header. But there is also the "x-forwarded-for" header. Not to mention proxy application specific headers like "X-cool-proxy: version 9999, banning idiots edition".

[atomicknight]

Except that proxies aren't actually required to send any of those headers. If someone is deliberately using a proxy, he is probably trying to get around being being identified, in which case it'd only make sense to choose a proxy that doesn't leak any information. Certainly you can block some proxies by checking for particular headers, but since none of it is really "standard," it would be very unreliable.

[Louis M.]

Not only that but I could install a proxy on my web server and run it that way. What are the chances that IPS's supposed proxy team would find me?

Kind of on an off shoot... How do we get threads about people concerned about their IP being out there in the world and then threads about blocking proxies? /boggle.

I am one to keep my forums very tightly controlled and not let people in places where they shouldn't be, but I do not want to start trying to maintain a proxy list. It would almost be like trying to take the sand out of a hole on a beach. I have had issues in the past with troublesome users, but I have dealt with it. If you are so concerned about someone seeing yoru board or sensitive information on it, maybe you should re-evaluate the registration process, approval process, and your forum permissions.

Another side note, at first I wouldn't imagine the list would be to ridiculously long, but what happens after 5 years? How long will that list be and how much time and overhead will it add to the page processing?