I am currently writing a script to detect requests coming from a proxy server, to detect hack attempts. I vaguely understand the steps the server goes through once a connection is initiated. I was curious if it is possible to get the ip address of the connection BEFORE the server accepts the page request / command from the incoming user. I would like to determine if the incoming request is from a proxy server BEFORE receiving the page request or PUT command, and if so enter the proxy address and the real ip (if the proxy sends it in the header) into a text file and then drop the connection without accepting the request / command.
(Shnerdly - expect an info email from me to the address you provided from an earlier post sorry so late sending it)
It's not possible to know an IP before a request is made but the IP IS know the instant the request is made. The server will then decide what to do with the request - connect, refused or redirect.
There are many ways to block specific IP's from accessing the server.
The .htaccess file on a linux server will determine who can and can't access specific folders on the server.
The httpd.conf on an Apache webserver can determine what IP's can and can not access directories - specific sites - or the server complete.
The iptables can allow or deny access to the server on a global scale.
There are also ways of using a hosts file to limit access. On a Linux server it would be hosts.allow and hosts.deny
The best solution that I have found is to use a configurable hardware firewall in conjunction with the httpd.conf file. For the firewall, I use Untangle.