Troubleshooting
How VPN & proxy detection works
Understanding VPN, proxy, Tor, and datacenter detection accuracy.
Detection methods
Predax uses multiple data sources to identify anonymizing services:
- VPN providers: We maintain an updated database of IP ranges belonging to 100+ commercial VPN providers
- Proxy lists: Aggregated from open proxy lists, honeypots, and proprietary feeds
- Tor exit nodes: Updated every hour from the official Tor directory
- Datacenter/hosting IPs: Cloud provider ranges (AWS, GCP, Azure, DigitalOcean, etc.)
Accuracy
| Type | Detection Rate | False Positive Rate |
|---|---|---|
| Tor | ~99% | <0.1% |
| Commercial VPNs | ~95% | <1% |
| Proxies | ~90% | <2% |
| Datacenter | ~98% | <0.5% |
Important considerations
- Not all VPN/proxy users are malicious — many legitimate users use VPNs for privacy
- Residential proxies are harder to detect because they use real ISP IPs
- New VPN servers may take up to 24 hours to appear in our database
- Corporate VPNs may sometimes be flagged — use the tag threshold to review before blocking
Recommended approach
- Use
is_vpn,is_proxy,is_tor,is_datacenterflags as signals, not as sole decision criteria - Combine with
risk_scorefor a holistic view - Start by logging/tagging, then enforce blocks after reviewing results
- See Best Practices for detailed recommendations
