Don't block VPN users

[tsteur]

Someone might use a VPN through Amazon or other cloud providers and we falsely don't track them. How can we detect these VPN providers without a third party and without slowing down?

I don't think checking for headers might work reliably like in https://www.ipqualityscore.com/articles/view/1/how-to-detect-proxies-with-php

There seem to be DBs but they might be commercial like https://www.ip2location.com/database/px10-ip-proxytype-country-region-city-isp-domain-usagetype-asn-lastseen-threat-residential

I suppose it will not be possible to reliably detect them (and fixed IP addresses will change over time etc). Maybe we could check if some VPN providers disclose IP ranges (since sometimes you need to whitelist them eg in AWS, or WP etc but then you might just get a dedicated IP)

[m-cameron]

It looks like IP2Proxy LITE is a free database. Not sure if it has VPN like the commercial database or not.

[tsteur]

We actually had this issue recently where a few visits were blocked and detected as Cloud provider when in fact it seems to have been VPN usage.

Looking at https://lite.ip2location.com/ip2proxy-lite it seems the commercial version covers VPN but not the free version.

Does maybe GeoIp2 / maxmind include such information in their free DB? Not sure

[AltamashShaikh]

@tsteur FYI maxmind haas this - https://support.maxmind.com/hc/en-us/articles/4408208507163-Anonymizer-and-Proxy-Data#h_01G1EDVJKNQY02XXFRM31N7SS2, but looks like its a paid service and another DB lookup is needed