How to Block Proxy Servers from Accessing WordPress Sites


WordPress developers love the platform because its open source nature gives them the freedom to be creative and innovative. At the same time, sites built on it are susceptible to malicious attacks. Let’s have a look at ways to block proxy servers for such sites.

A proxy server essentially conceals a user’s identity and most of the time is used by people with malicious intent. Keep in mind, however, that not all proxy visits are bad visits, so first check your site access logs thoroughly to confirm that your site is being attacked, and only then take the following steps.

Using .htaccess file

The hypertext access (.htaccess) files on the server control visitors’ interaction with a website and can be used to restrict specific traffic. First, locate the .htaccess file, which can be done in the following ways:

Using cPanel, which is offered by almost all web hosting companies and is a good option for people who are not technically proficient. Locate the Files section in the File Manager folder of the panel.

There you will find the .htaccess file; click on it.

One can also use a plugin for this purpose, which allows you to make the necessary modification right from the dashboard. For example, let’s see how to do this through the Yoast SEO plugin.

Go to the Tools settings in Yoast and open the File Editor.

Once the editor is open, paste the following code in it.

# BLOCK PROXY VISITS
# Return 403 Forbidden for any request that carries one of these headers
RewriteEngine on
RewriteCond %{HTTP:VIA} !^$ [OR]
RewriteCond %{HTTP:FORWARDED} !^$ [OR]
RewriteCond %{HTTP:USERAGENT_VIA} !^$ [OR]
RewriteCond %{HTTP:X_FORWARDED_FOR} !^$ [OR]
RewriteCond %{HTTP:PROXY_CONNECTION} !^$ [OR]
RewriteCond %{HTTP:XPROXY_CONNECTION} !^$ [OR]
RewriteCond %{HTTP:HTTP_PC_REMOTE_ADDR} !^$ [OR]
RewriteCond %{HTTP:HTTP_CLIENT_IP} !^$
RewriteRule .* - [F]

This code refuses any request that carries one of the HTTP headers proxy servers typically add. After saving and uploading the file, check your website; hopefully your problem will be solved. Confirm by checking your links on different systems.

A common problem with this method is the blanket ban it imposes on all proxy servers, which leaves the site owner stuck when access should be allowed for a particular proxy. A solution to this problem using the .htaccess file follows.

First, define the whitelist (the proxies allowed access) on the Apache server by testing the HTTP_REFERER variable:
RewriteCond %{HTTP_REFERER} !(.*)allowed-proxy-01.domain.tld(.*)
RewriteCond %{HTTP_REFERER} !(.*)allowed-proxy-02.domain.tld(.*)
RewriteCond %{HTTP_REFERER} !(.*)allowed-proxy-03.domain.tld(.*)

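Notice how each line matches against one specified server. When combined with the blocking code, a request whose Referer contains any of the three hostnames is granted access. Keep in mind that the Referer value is supplied by the client, so this works as a convenience filter rather than as strong access control: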


RewriteEngine on
RewriteCond %{HTTP:VIA} !^$ [OR]
RewriteCond %{HTTP:FORWARDED} !^$ [OR]
RewriteCond %{HTTP:USERAGENT_VIA} !^$ [OR]
RewriteCond %{HTTP:X_FORWARDED_FOR} !^$ [OR]
RewriteCond %{HTTP:PROXY_CONNECTION} !^$ [OR]
RewriteCond %{HTTP:XPROXY_CONNECTION} !^$ [OR]
RewriteCond %{HTTP:HTTP_PC_REMOTE_ADDR} !^$ [OR]
RewriteCond %{HTTP:XROXY_CONNECTION} !^$ [OR]
RewriteCond %{HTTP:X-FORWARDED-FOR} !^$ [OR]
RewriteCond %{HTTP:HTTP_CLIENT_IP} !^$ [OR]
RewriteCond %{HTTP:FORWARDED-FOR} !^$ [OR]
RewriteCond %{HTTP:X-FORWARDED} !^$
RewriteCond %{HTTP_REFERER} !(.*)allowed-proxy-01.domain.tld(.*)
RewriteCond %{HTTP_REFERER} !(.*)allowed-proxy-02.domain.tld(.*)
RewriteCond %{HTTP_REFERER} !(.*)allowed-proxy-03.domain.tld(.*)
RewriteRule ^(.*)$ - [F]

Put this code into the editor just like before and you can exercise better control over access to your site.

Using functions.php file

The theme functions file is essentially a template that acts like a plugin. It is auto-loaded on both the admin and front-end pages of a website and can be used to extend its functionality. Log in as administrator on your dashboard, go to the Appearance section and open the file.

Add the following code at the very end of the file.

// block proxy visits @ http://m0n.co/01
function shapeSpace_block_proxy_visits() {
    // If the visitor's address accepts a connection on port 80 within 1 second, refuse the request
    if (@fsockopen($_SERVER['REMOTE_ADDR'], 80, $errno, $errstr, 1)) {
        die('Proxy access not allowed');
    }
}
add_action('after_setup_theme', 'shapeSpace_block_proxy_visits');

This is really helpful in blocking troublesome servers, and you can repeat the same testing process as in the step above.

Using HTTP Headers

A genuine, transparent proxy identifies itself by adding a proxy header to each HTTP request. This lets us block such requests simply by examining the headers, using this PHP function:

function shapeSpace_block_proxy_visits() {

    // Known proxy headers, as they may appear in $_SERVER
    $headers = array('CLIENT_IP','FORWARDED','FORWARDED_FOR','FORWARDED_FOR_IP','VIA','X_FORWARDED','X_FORWARDED_FOR',
        'HTTP_CLIENT_IP','HTTP_FORWARDED','HTTP_FORWARDED_FOR','HTTP_FORWARDED_FOR_IP','HTTP_PROXY_CONNECTION',
        'HTTP_VIA','HTTP_X_FORWARDED','HTTP_X_FORWARDED_FOR');

    // Deny the request as soon as one of them is present
    foreach ($headers as $header) {
        if (isset($_SERVER[$header])) {
            die('Proxy access not allowed.');
        }
    }
}
// Hook the function the same way as in the functions.php step
add_action('after_setup_theme', 'shapeSpace_block_proxy_visits');

Look at the function closely and you will find that it begins with a list of known proxy headers, then checks the request for each of them and, on finding one, denies the request with die() and a message. The drawback of this method is that not all proxies identify themselves in headers, which limits what it can catch.
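A variant of the header check, as an added example that is not part of the original post: it tests the keys PHP populates for request headers and exempts allowed proxies by their connecting address (REMOTE_ADDR) rather than by Referer. The example_* names and the 192.0.2.x allow-list addresses are assumptions.

```php
<?php
// Added example, not from the original post. The example_* names and the
// 192.0.2.x allow-list addresses are constructed for illustration.

// PHP exposes a request header such as "X-Forwarded-For" as
// $_SERVER['HTTP_X_FORWARDED_FOR'], so only HTTP_* keys are listed.
const EXAMPLE_PROXY_KEYS = [
    'HTTP_VIA', 'HTTP_FORWARDED', 'HTTP_FORWARDED_FOR', 'HTTP_X_FORWARDED',
    'HTTP_X_FORWARDED_FOR', 'HTTP_CLIENT_IP', 'HTTP_PROXY_CONNECTION',
];

// Returns the first proxy key present, or null if the request may pass.
function example_find_proxy_header(array $server, array $allowed_ips) {
    $remote = isset($server['REMOTE_ADDR']) ? $server['REMOTE_ADDR'] : '';
    // Allowed proxies are matched on the address that opened the connection.
    if (in_array($remote, $allowed_ips, true)) {
        return null;
    }
    foreach (EXAMPLE_PROXY_KEYS as $key) {
        if (isset($server[$key]) && $server[$key] !== '') {
            return $key;
        }
    }
    return null;
}

function example_block_proxy_visits() {
    $allowed = ['192.0.2.10', '192.0.2.11']; // constructed allow-list
    if (example_find_proxy_header($_SERVER, $allowed) !== null) {
        status_header(403); // WordPress helper: send "403 Forbidden"
        die('Proxy access not allowed.');
    }
}

if (function_exists('add_action')) {
    add_action('after_setup_theme', 'example_block_proxy_visits');
} else {
    // Outside WordPress: run the check on constructed requests.
    $direct  = ['REMOTE_ADDR' => '198.51.100.7'];
    $proxied = ['REMOTE_ADDR' => '198.51.100.7', 'HTTP_VIA' => '1.1 cache'];
    $trusted = ['REMOTE_ADDR' => '192.0.2.10', 'HTTP_VIA' => '1.1 edge'];
    var_dump(example_find_proxy_header($direct, ['192.0.2.10']));
    var_dump(example_find_proxy_header($proxied, ['192.0.2.10']));
    var_dump(example_find_proxy_header($trusted, ['192.0.2.10']));
}
```

If the site itself sits behind a CDN or load balancer, every request carries X-Forwarded-For and REMOTE_ADDR is the front end's address, so that address has to be on the allow-list or all visitors are refused.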

Using Port Scanning

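This technique probes the remote machine for ports that proxies generally use and, on finding one of them open, treats the request as routed through a proxy server. This is how it can be implemented in PHP:

function shapeSpace_block_proxy_visits() {

    // Ports commonly used by proxy servers
    $ports = array(80,81,553,554,1080,3128,4480,6588,8000,8080);

    // Try each port on the visitor's address, waiting up to 5 seconds per port
    foreach ($ports as $port) {
        if (@fsockopen($_SERVER['REMOTE_ADDR'], $port, $errno, $errstr, 5)) {
            die('Proxy access not allowed.');
        }
    }
}
// Hook the function the same way as in the functions.php step
add_action('after_setup_theme', 'shapeSpace_block_proxy_visits');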

Though more effective than the header technique above, it is time-consuming and may affect the site’s performance: every port that does not answer can hold the page up for the full 5-second timeout.
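One way to limit that cost, as an added example that is not from the original post: cache the verdict per visitor address in a WordPress transient, so each address is probed at most once per hour, and shorten the per-port timeout. The example_* names, the one-hour lifetime and the 1-second timeout are assumptions.

```php
<?php
// Added example, not from the original post; the example_* names are
// assumptions. It is theme code and expects WordPress to be loaded.

// Return the first port that accepts a TCP connection, or 0 if none does.
function example_first_open_port($ip, array $ports, $timeout) {
    // fsockopen() needs IPv6 literals wrapped in square brackets.
    $host = (strpos($ip, ':') !== false) ? '[' . $ip . ']' : $ip;
    foreach ($ports as $port) {
        $conn = @fsockopen($host, $port, $errno, $errstr, $timeout);
        if ($conn) {
            fclose($conn); // release the socket once the answer is known
            return $port;
        }
    }
    return 0;
}

function example_block_proxy_visits_cached() {
    $ip = isset($_SERVER['REMOTE_ADDR']) ? $_SERVER['REMOTE_ADDR'] : '';
    if (filter_var($ip, FILTER_VALIDATE_IP) === false) {
        return; // e.g. WP-CLI or cron, where there is no client address
    }
    $key     = 'example_proxy_' . md5($ip);
    $verdict = get_transient($key); // false when nothing is cached
    if ($verdict === false) {
        $ports   = array(80, 81, 553, 554, 1080, 3128, 4480, 6588, 8000, 8080);
        $verdict = example_first_open_port($ip, $ports, 1) ? 'proxy' : 'clean';
        set_transient($key, $verdict, HOUR_IN_SECONDS);
    }
    if ($verdict === 'proxy') {
        status_header(403); // WordPress helper: send "403 Forbidden"
        die('Proxy access not allowed.');
    }
}

if (function_exists('add_action')) {
    add_action('after_setup_theme', 'example_block_proxy_visits_cached');
}
```

The first request from a new address can still wait up to 10 seconds (ten ports at 1 second each); later requests within the hour are answered from the cached verdict.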

Conclusion

These methods to block proxy servers help preserve resources like memory and bandwidth, apart from protecting the site from all sorts of unwanted and dangerous activities such as false authentication. At the same time, they also restrict some genuine people who use proxies for good purposes, like protecting themselves from targeted advertisements. This is a small price to pay if one really wants to protect a site from harmful intentions.





AUTHOR INFO

Brandon Graves

Brandon Graves is a WordPress expert who keeps writing about the latest development techniques such as converting HTML to the WordPress platform, WordPress CMS customization, plugin development, error solutions and much more.
