hola-proxy: Working around the broken peer flag

Hello,

So in my issue #12 I mentioned that the -proxy-type peer flag is broken because I never got a residential IP through it.

At first I thought that it might be because I was running the Hola proxy server using a machine with a server IP address. But no, I got on my computer which has a residential IP address and it still gave DigitalOcean proxies even though the proxy type flag was set to give peer ones.

Then I checked your tests at https://github.com/Snawoot/hola-proxy/issues/4#issuecomment-629874771 and https://github.com/Snawoot/hola-proxy/issues/12#issuecomment-782935208

You used https://2ip.ru, so I tried the same and I actually got a residential IP! To be honest, I thought 2ip.ru was broken because I couldn’t trust this haha. However, I tried https://icanhazip.com which gave the same residential IP address.

I came back to the APIs I was using before (http://ip-api.com/json and my own IP lookup API on my website) and it gave back the direct DigitalOcean proxy even though it gave a residential one for 2ip.ru and icanhazip.com.

The first thing that came into my mind is that it might be giving back the direct proxy on the Cloudflare-protected sites (because my own API is Cloudflare-protected), but it seems ip-api.com isn’t Cloudflare-protected.

Came across another site, https://extreme-ip-lookup.com, and it gave back the residential IP address.

I quickly hosted this on my own API, which prints all the request headers:

<?php
var_dump(getallheaders());
?>

3 of the headers included IPs.

array {
  ["Cf-Connecting-Ip"]=>
  string(15) "138.197.145.194"
  ["X-Forwarded-For"]=>
  string(15) "138.197.145.194"
  ["X-Real-Ip"]=>
  string(15) "108.162.241.248"
}

Cf-Connecting-Ip and X-Forwarded-For are the direct Hola DigitalOcean IPs, and X-Real-Ip is the Cloudflare node IP address.

What’s next? I predicted that the residential IP isn’t applied to the http:// sites because ip-api.com/json was HTTP (HTTPS requires a premium plan). But I tried http://icanhazip.com (HTTP this time) and it returned the residential IP address.

Tried https://manytools.org/http-html-text/http-request-headers/ which returned the X-Forwarded-For and X-Real-Ip as the DigitalOcean IPs too. (NOTE: My own browser sends those two headers too with my own residential IP address.)

Summary: Both of the X-Forwarded-For and X-Real-Ip headers should be removed from the requests when the proxy type is set as peer, or IMHO, it's better to remove them anyway regardless of the proxy type.

Kind regards.
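
Added example, not part of the original post or the hola-proxy code: a Go check that a lookup endpoint could run to compare the TCP peer address with the address-bearing headers from the dump above. That some lookup services report the header value while others report the socket peer is an assumption, and the addresses and the `lookup.example` host are constructed.

```go
package main

import (
	"fmt"
	"net"
	"net/http"
	"strings"
)

var ipHeaders = []string{"X-Forwarded-For", "X-Real-Ip", "Cf-Connecting-Ip"} // headers seen in the post's dump

// PeerIP returns the TCP peer address, which request headers cannot change.
func PeerIP(r *http.Request) string {
	host, _, err := net.SplitHostPort(r.RemoteAddr)
	if err != nil {
		return r.RemoteAddr
	}
	return host
}

// HeaderIP returns the first valid address in the forwarding headers, or "" if none (assumed lookup policy).
func HeaderIP(r *http.Request) string {
	for _, name := range ipHeaders {
		for _, part := range strings.Split(r.Header.Get(name), ",") {
			if ip := net.ParseIP(strings.TrimSpace(part)); ip != nil {
				return ip.String()
			}
		}
	}
	return ""
}

// Mismatch reports whether the headers name a different client than the socket does.
func Mismatch(r *http.Request) bool {
	return HeaderIP(r) != "" && HeaderIP(r) != PeerIP(r)
}

// Sample builds a constructed request: exit node as TCP peer, intermediate hop in the headers.
func Sample() *http.Request {
	r, _ := http.NewRequest("GET", "http://lookup.example/", nil)
	r.RemoteAddr = "203.0.113.7:51820"                // constructed peer, documentation range
	r.Header.Set("X-Forwarded-For", "198.51.100.20") // constructed hop address
	r.Header.Set("X-Real-Ip", "198.51.100.20")
	return r
}

func main() {
	fmt.Println("peer:", PeerIP(Sample()), "header:", HeaderIP(Sample()), "mismatch:", Mismatch(Sample()))
}
```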

About this issue

  • State: closed
  • Created 3 years ago
  • Comments: 19 (11 by maintainers)

Most upvoted comments

@aarivex No one tried it. I guess you may try the following:

  1. set up a domain which is eligible to be accessed via residential IPs
  2. delegate it to something like CoreDNS server with rewrite plugin, having example.org.yourdomain.tk rewritten to example.org
  3. adjust hola-client to add ".yourdomain.tk" to proxied domain names in CONNECT handler