How can php be used to determine whether the connection used by the user is secure (e.g. via a VPN), as shown in the picture?
Click here to see the example img
TIA
Advertisement
Answer
Theoretically, no way to do this.
Practically, you could decide which VPN providers you define as “secure”, find out the IP ranges that they use and check the source IP address of each request against that set of IP ranges.
A better way would be to think about security a bit more in-depth. From a theoretical standpoint, security can be thought of as a combination of confidentiality, integrity and availability guarantees for your service and the information it processes. You’d have to ask yourself if a user’s VPN strengthens any of those guarantees.
For example, to protect information in transit between your clients and your service, it may be sufficient and more practical to serve all of your protocols over TLS (e.g. HTTPS for web services).
If your goal, for whatever reason, is to protect the confidentiality of a user’s IP address, there is no way to enforce that. If your user chooses to use an IP address that should never be seen sending anything to your service, there is no way to stop that if your service has a publicly-routable IP address. There is a way for you to ignore or refuse that traffic, but anyone on the route between the user and your service can see the source and destination IP address in plaintext (that is, unless you use something like Tor [see https://en.wikipedia.org/wiki/Onion_routing ]). Largely, none of this should be applicable to any practical application.
At the end of the day, you should ask yourself different questions as to what information you are protecting, what kind of attackers you might expect, and what your application’s attack surface looks like. Identify potential risks, evaluate their priority and implement controls to contain the risks. And remember that you’ll never be able to eliminate risk completely.