php - How to get data from the client and not from the server or my web application?

Question

I am trying to get user data not from my server.

I have two pages on one I have an SSL certificate and on the other I don't, I am printing data from my computer, on the SSL certificate, it prints port 443 while the one without a certificate prints port 80.

$PORT = $_SERVER['SERVER_PORT'];

The same works with the following code, in SSL it prints proxy while in the other it prints no proxy.

if(!gethostbyaddr(getenv('REMOTE_ADDR'))
    || gethostbyaddr(getenv('REMOTE_ADDR')) == "."
    || !getenv('HTTP_ACCEPT_ENCODING')
    || getenv('HTTP_X_FORWARDED_FOR')
    || getenv('HTTP_X_FORWARDED')
    || getenv('HTTP_FORWARDED_FOR')
    || getenv('HTTP_VIA')
    || getenv('HTTP_FORWARDED')
    || getenv('HTTP_CLIENT_IP')
    || getenv('HTTP_FORWARDED_FOR_IP')
    || getenv('VIA')
    || getenv('X-PROXY-ID')
    || getenv('MT-PROXY-ID')
    || getenv('X-TINYPROXY')
    || getenv('PROXY-AGENT')
    || getenv('X_FORWARDED_FOR')
    || getenv('FORWARDED_FOR')
    || getenv('X_FORWARDED FORWARDED')
    || getenv('HTTP_X_CLUSTER_CLIENT_IP')
    || getenv('CLIENT-IP')
    || getenv('CLIENT_IP')
    || getenv('FORWARDED_FOR_IP')
    || getenv('HTTP_PROXY_CONNECTION')
    || getenv('PROXY_CONNECTION')
    || in_array(getenv('REMOTE_PORT'), array(8080,80,6588,8000,3128,553,554))
    || @fsockopen(getenv('REMOTE_ADDR'), 80, $NUM_ERROR, $CONNECTION_TIME, 0)
    || !getenv('HTTP_CONNECTION')){
    echo 'proxy';
} else {
    echo 'no proxy';
}

So this is wrong, because I am getting different data, am I using the same computer?

Answer 1

Only on the page without certificate, it detects me when I use a VPN app

When the proxy connects to an encrypted webserver(SSL) it CAN'T modify the headers it's user sending to the final server, because all data is encrypted.

However, if the proxy is connecting to a non encrypted webserver, it will add it's own headers like HTTP_FORWARDED_FOR

That is why you detected the proxy on non encrypted webserver, because 1 of these 25 conditions has trapped the proxy!

That is why detecting a proxy on an encrypted webserver is hard, and you have to do more complicated approaches like trying to make port-scan the client IP and check if any of the common/standard proxies ports are open.

You can confirm this by doing a var_dump($_SERVER) in your code , and you will see that on the page with SSL, there are no proxy headers at all, and in the page without SSL I'm sure you will find one of them.

As I told you in your previous question, I suggest using an IP reputation API.