How to Block Web Proxies from Accessing Your Website

phproxy_spidermanproxy

How to Block Proxy Users from Accessing Your Website

As a webmaster, I’ve had a lot of problems preventing users from circumventing my “limit systems” by using web proxies. So I’ve been looking for a way to solve the problem. At first, I thought about just banning proxy ips but that is far too time consuming and ineffective considering the massive number of proxy sites out there. So I devised a new system which contains several parts. Here are the 4 parts to my proxy blocking system (requires that ALL users have javascript enabled). This system may not be fully effective as it disrupts the user from using the site, it doesn’t completely prevent them but it should be enough to deter most proxy users.

1. Check if javascript is enabled via <noscript></noscript>, in between noscript, input a div that is absolute positioned to the top left with a large image that says “enable javascript please”. The user wont be able to use the site properly with a huge image blocking all the content!

2. Insert an div absolute positioned to the top left and insert an image called spacer.gif that is a 1×1 transparent pixel. Then use htaccess to block all image hotlinking and if the image is hotlinked, replace it with a huge do not hotlink image. The spacer.gif will then be replaced by this image  on some proxies and the user again will not be able to use the site properly. Most proxies download the image beforehand so this may not work, but that is why it’s a 3 part system!

3. Create a javascript code that checks the window location and makes sure that it contains your website url starting from position 0. If it doesn’t contain your website url at position 0, then redirect to another page or do something else that doesn’t let the the proxy display your site properly.

UPDATE: I found that alot of the proxies malform the javascript redirect, so I decided to add a fourth step, FLASH!

4. Create a flash swf file that uses the same javascript code and redirects users based on their current url. Place this swf on all your pages.

BONUS: Secure your page with a SSL certificate. Most proxies cannot display secure pages.

And thats it! If there is enough interest, I’ll post the full code to how I did it.

Should work for most proxies. Does it work? Checkout www.prankdial.com (where it was implemented on some pages)

Leave a Reply

Your email address will not be published. Required fields are marked *

*