If you go to whatismyipaddress.com using a public proxy, it will report your proxy ip, but it will also (usually) report that you're using a proxy, and your originating IP as well in many cases.
How does it do this?
Similar sites like Gmail and Craigslist can tell if the computers connecting to them are proxy servers as well.
I have a site with data that is free to browse 200x/day/ip, but I'd like to protect it from harvesting by people using proxies.
Any tips or insights into how this is accomplished are appreciated.
Please check this SO thread. It explains how to do it. It is tagged for PHP but I think the idea remains same here.
**EDIT :**I am duplicating the accepted answer here for reference :
TOR does not supply any server headers
such as X_FORWARDED_FOR, so your best
bet is to use a list of all known exit
nodes. A list can be found at
https://torstat.xenobite.eu/.
For other proxies, you can look at
server headers. Possible server
headers of interest include:
HTTP_VIA
HTTP_X_FORWARDED_FOR
HTTP_FORWARDED_FOR
HTTP_X_FORWARDED
HTTP_FORWARDED
HTTP_CLIENT_IP
HTTP_FORWARDED_FOR_IP
VIA
X_FORWARDED_FOR
FORWARDED_FOR
X_FORWARDED
FORWARDED
CLIENT_IP
FORWARDED_FOR_IP
HTTP_PROXY_CONNECTION
In PHP, you can get the value of these
fields in the $_SERVER[] superglobal.
Related
Suppose I have a proxy IP address, but no infos about it.
Is this possible to know from scratch which kind of proxy it is (distant webservers doesn't know I'm behind a proxy, distant webservers know I'm behind a proxy but doesn't know my IP, distant webservers know both infos)?
Is there a simple test to verify which infos are known about me when I'm navigating?
[edit]
If someone has a simple answer like "no because [etc]", he's welcomed. My first question is "is it feasable".
Lagado Proxy Text mentioned by Joshua Drake in comments works, so it is feasible. The important thing is now to learn how does it work.
Its operation is pretty simple: just be a website. So if you can afford to set up a website which will do exactly the same and will cope with all the traffic you're going to send to it, the problem is solved.
What should such a website do? Check for headers sent by client. The relevant ones are mentioned on the Lagado's page: Via, Forwarded, X-Forwarded-For and Client-ip.
The rest should be easy.
And answering your second question: see BrowserSpy.
I am trying to get the IP address of the request coming in from the httpheader. If value is x do something, if not do somthing else. Can anyone help me out?
Does this help? it seems pretty straight forward.
From the link, there are a few different ways:
HttpContext.Current.Request.UserHostAddress;
HttpContext.Current.Request.ServerVariables["REMOTE_ADDR"];
HttpContext.Current.Request.ServerVariables["HTTP_X_FORWARDED_FOR"];
You might want to look here. The HTTP standards do not define the source address as part of the protocol. Infact HTTP does not directly relate to IPv4 /IPv6 at all.
Generally, a webserver will easily be able to tell the network address of the other end of the socket ( the end where the web browser is ). It does not use HTTP to do this, rather it will use features of the OS's networking stack.
In the case of ASP.NET you should be able to find the IP address where the request came from. You might try looking at System.Web.HttpRequest.UserHostAddress
Say I have a remote page accessed through http://www.mypage.com/test.aspx. On that page I use the code Request.ServerVariables["HTTP_HOST"].ToString(). Is it possible that when I access the page the code can return a different url than that which I see in the url bar which is http://www.mypage.com/test.aspx? Any help would be appreciated. Thanks.
You could see any name that IIS has bound to your web instance. So, if your server is called "server1" and the IP address is 123.123.123.123 and all three of those are bound to your instance of IIS, you could see any of those values.
To look up what names are bound, open "Internet Information Services (IIS) Manager" (start, Administration tools), expand the tree till you see your sites. Find the one you are using. Right-click and choose "Bindings". Edit each of the bindings in the list. If they all say [IP address:] "All Unassigned", then your HTTP_HOST could be 1. the WWW address that you have configured via DNS, 2. the machine name 3. the IP address(es).
try to use:
HttpContext.Current.Request.ServerVariables["SERVER_NAME"]
i hope that this will be work.
I was also facing the issue with HttpContext.Current.Request.ServerVariables["HTTP_HOST"] and figured it out. The best way to retrieve the hostname is "HttpContext.Current.Request.Url.Host". It resovled my issue.
Thanks,
Raj
It is possible, yes. A isapi_rewrite module could modify the value of HTTP_HOST before your own code is able to inspect it.
Someone has already mentioned local rewriters (isapi_rewrite), but there are also remote ones, like an ISA Server publishing your server. It's a configuration thingie to send original host headers (what the client entered), or the ones entered in the publishing settings.
We have multiple domains for one of our websites.
e.g. mydomain-uk.com and mydomain.co.uk
I have a handler which creates an XML sitemap and it uses HttpContext.Current.Request.Url.Host to retrieve the host site.
When my browser is on mydomain.co.uk/handler it retrieves mydomain-uk.com as the host
How can I ensure it always retrieves mydomain.co.uk ?
Is there a preference order configured somewhere on the server?
The host is get it from the URL on the request, and this is logical, you can not change this.
To solve this, create a static variable with your URL name, even better place it on your web.config, and just get this variable and not the Url.Host
Hope this help
Don't point all of your domains at the website. Have the extra domains perform a 301 redirect to the main domain name. This will also help resolve confusion by search engines when they try to resolve your site as to which site is the original source of your content, and will prevent inbound links from other websites from using a mixture of domains which will only exacerbate the problem.
Don't forget that HttpContext.Current.Request.Url.Host is simply going to return whatever HOST was requested at the time it happened. If the client requested something else, HttpContext.Current.Request will reflect this.
Well, for my program(s) I'd like to let the user send me an e-mail with any errors. Instead of relying on a forsaken SMTP server, I decided to let the user use his very own e-mail client to send an e-mail to a specified address.
So what I need is:
A sender (should not be changeable) (example: mysupportemail#gmail.com)
An attached file (should not be changeable) (example: "C:\a file.log")
(Optional) A body (changeable)
I hope it is possible!
You can use the mailto command for this. See http://msdn.microsoft.com/en-us/library/aa767737(VS.85).aspx for more information. Some mail clients support attachments on this. See the comments of the MSDN page for some information on this.
The mailto protocol has limitations, such as not being able to specify an attachment (some mail clients support it, but it's not in the official protocol). Your best option is probably to use the MAPISendMail function to let MAPI do the hard work. See this article for details:
Sending files via the default e-mail client
I used this technique in the past, it seems to work perfectly.
Using mailto directly from you application cause potential problems. If you have specified mail account for receive e-mails you can be sure, that someone will use it somehow to sent you spam or thousands unwanted emails. In our company we struggled with this problem many times - at last, we decided to allow our customers to report problems in any other way - web page form.
Now, when customer click 'report problem' this option displays a form for reporting bugs in default web browser. Opened link include some additional information which causing partial fill of the form opened by customer. Now, we have an intermediate layer and absolute control on server side who report problem (ip) and we can limit reporting for specified users. Next advantage of these solution is that you can forward emails to different departments depending on what form fields are marked/filled with.
Well, I have found the perfect solution!
For those who want to see it...
http://social.msdn.microsoft.com/Forums/en/netfxnetcom/thread/a75533eb-131b-4ff3-a3b2-b6df87c25cc8
http://www.eggheadcafe.com/community/aspnet/2/10019665/email-through-gmail-in-c.aspx