Cloudflare Workers

Intercepting traffic at the edge is the most efficient way to use ProxyTracer. By implementing this middleware in a Cloudflare Worker, malicious requests are dropped at the CDN level before they ever consume your origin server’s resources.

The Implementation

This snippet extracts the true client IP using Cloudflare’s native headers, queries the ProxyTracer API, and returns a strict 403 Forbidden if a proxy is detected.


export default {
  async fetch(request: Request, env: Env, ctx: ExecutionContext): Promise<Response> {
    // 1. Extract the real IP (Cloudflare natively provides this)
    const ip = request.headers.get("cf-connecting-ip");
 
    // Pass through if no IP is found (e.g., local development)
    if (!ip) {
      return fetch(request); 
    }
 
    try {
      // 2. Query the ProxyTracer API
      const ptResponse = await fetch(`https://api.proxytracer.com/v1/check/${ip}`, {
        method: "GET",
        headers: {
          "Authorization": `Bearer ${env.PROXYTRACER_API_KEY}`
        }
      });
 
      if (ptResponse.ok) {
        const data = await ptResponse.json();
        
        // 3. Drop the connection if a proxy/VPN is detected
        if (data.proxy === true) {
          return new Response(
            JSON.stringify({ error: "Access Denied: VPN or Proxy detected." }), 
            { 
              status: 403,
              headers: { "Content-Type": "application/json" }
            }
          );
        }
      }
    } catch (error) {
      // Fail open: If the API is unreachable, allow traffic to ensure uptime
      console.error("ProxyTracer API Error:", error);
    }
 
    // 4. Clean traffic proceeds to your origin server
    return fetch(request);
  }
};

Security Note: Always store your PROXYTRACER_API_KEY as an encrypted Secret in your Cloudflare Worker dashboard, never in plaintext.