In Node.js, what are the common techniques and libraries used to detect the use of a VPN by a client connecting.
Why? And regardless of the answer, your application shouldn’t be concerned about this. If you did want to restrict where traffic comes from, it should be done at the network level using a firewall.
You don’t, and you shouldn’t
There are some services that have APIs that might be able to detect VPN connections. But given that setting up a VPN on a VPS is a trivial task, your milage may vary. A quick google search found these services:
- https://ip.teoh.io/vpn-detection
- https://vpnapi.io/vpn-detection
- https://ipinfo.io/products/proxy-vpn-detection-api
I’m not clear on your use case. Clearly a lot of services do their best to block VPN access to enforce regional restrictions and prevent abuse. But I believe that will always come with a cost of alienating users that care about privacy and security. You’ll want to weigh the pro’s and con’s and go from there. If business leaders in your organization are asking for this, it might be worth evaluating on your own from a technical perspective and collaborating on whether its really worth it.
Despite the negative comments and downvotes, this community is here to help. But we can’t help you without understanding what exact problem you’re trying to solve.
So. What problem are you trying to solve?
Best of luck!
I see lots of people judging the question, but I’m facing the same problem right now (that’s what brought me here) and, as I view things, blocking vpn usage is not always bad, hear me out:
I work for a company that provides a live service globally, under a small subscription fee.
We practice different prices all around the world to make sure people with weaker currencies will be able to afford our service without compromising their budgets.
For example: In the US, the price is X, in Brazil the price is X - 25%.
We would like to guarantee that users from US are not using a VPN to buy at Brazillian prices for obvious reasons. We are not planning to fully block access to the website, we would just block purchases that comes from vpns.
The easiest method is to compare the user’s IP address to a list of known VPNs, but this won’t catch all VPNs. Back in the day, it was possible to use WebRTC to detect VPNs, but I’m not sure if this is still possible as of 2023.
HA, surely! We won’t teach you the techniques to defeat us! YOU WILL NEVER GET US
You use a database provided by a service like ip2location (they have an ip2proxy database file as well + libraries). I think there might be stripped down “free” versions.
Simple - load fb, pass in IP, get data.
The path you are taking is one that won’t work, like chasing one last fix.
You’re better off dealing with the actual problem that these inhuman VPN users are doing.
In the end, if they are scrapers, bots, bad actors your IDS will pick them up. Or use Cloudflare to do it for you.
I saw a lot of public lists collecting suspicious ips. Is it a bad solution to use it? I know it can’t be 100% accurate but if someone needs lower level of protection it sounds as a good option, or not?
In my case I want to allow to browse my app with vpn but I want to restrict some operations, that’s why I’m searching node level solution
What if you want to enrich your audit logs with geo location and the type of proxy used - datacenters, public proxies etc.
Granted it’s not a use case somebody is gonna come ask about on Reddit, but it is a use case that is not straight just blocking access.
Why not chatgpt also did that
True. IPQS works too.
Same here, as I don’t have any login system so the ip js only way for per day limit
Then ask chatgpt. Vpn detection is pretty hard. You will need to know public ip ranges of all the vpn companies. That is a moving target, and they do not publish this in some api. You might find some ips for the bigger vpns online and block those.