Ruby SDK · Feature

Detect VPN, Proxy & Tor in Ruby

Q: How do I detect a VPN or proxy in Ruby?

Call client.lookup_ip(ip) and read the suspicious_factors object. It exposes predicate methods vpn?, proxy?, tor_node?, datacenter?, spam?, crawler? and threat? on every lookup, so no extra request is needed.

Q: How do I check if an IP is a Tor exit node?

Use client.tor_check(ip). It returns tor? and tor_node_count, checked against the live Tor node list. The tor_node? predicate on a normal lookup also covers this without a second call.

Q: Do I need a separate call to get VPN and proxy flags?

No. The suspicious_factors predicates come back on every geolocation lookup at no extra cost, so a single client.lookup_ip(ip) gives you both location and threat signals. Use tor_check only when you want the explicit Tor node count.

Catch traffic that hides behind anonymizers. Every lookup_ip already returns the suspicious_factors predicates for proxy, VPN, Tor, datacenter, spam, and crawler — and the dedicated tor_check method adds live Tor exit-node confirmation. No extra call, no extra cost per screen.

Get free API key Ruby SDK overview

Trusted by thousands of businesses

Fast JSON API responses

Real-time validation

Simple integration, SDKs & examples

What it does

Anonymizer detection, built into every lookup

Fraudsters, scrapers, and abusers routinely mask their real IP behind a VPN, an open proxy, the Tor network, or a cloud/datacenter host. ip-api.io maintains these lists in real time and returns a predicate for each on every IP lookup, so you can require step-up verification or block outright — without bolting on a separate service.

Prerequisites

Ruby 3.0+ with ip-api-io installed
A free ip-api.io API key

No dedicated call needed — the predicates ride along with a normal lookup_ip.

client = Ipapi::Client.new(api_key: ENV.fetch("IP_API_IO_KEY"))

info = client.lookup_ip("185.220.101.1")
f = info.suspicious_factors

puts f.vpn?         # VPN service
puts f.proxy?       # open / anonymizing proxy
puts f.tor_node?    # Tor node
puts f.datacenter?  # hosting / datacenter IP (often a bot)
puts f.spam?        # known spam source
puts f.crawler?     # known crawler / bot
puts f.threat?      # listed on a threat feed

if f.vpn? || f.proxy? || f.tor_node?
  # require step-up verification (CAPTCHA, 2FA)
end

A dedicated check against the live Tor node list, with a count of matching nodes.

tor = client.tor_check("185.220.101.1")

puts tor.tor?           # true
puts tor.tor_node_count # number of matching Tor nodes

Want one number instead of flags? Risk scoring folds all of these signals into a single 0–100 score with risk_score_ip.

Reference

Response reference

`suspicious_factors` (all predicates)

Method	Meaning
`proxy?`	Open or anonymizing proxy
`vpn?`	Commercial VPN endpoint
`tor_node?`	Part of the Tor network
`datacenter?`	Hosting / datacenter range
`spam?`	Known spam source
`crawler?`	Known crawler / bot
`threat?`	Listed on a threat feed

`TorDetection` (from `tor_check`)

Method	Type	Description
`ip`	String	The checked IP
`tor?`	Boolean	Whether the IP is a Tor node
`tor_node_count`	Integer	Matching nodes for the IP

FAQ

Frequently asked questions

How do I detect a VPN or proxy in Ruby?

Call client.lookup_ip(ip) and read the suspicious_factors object. It exposes predicate methods vpn?, proxy?, tor_node?, datacenter?, spam?, crawler? and threat? on every lookup, so no extra request is needed.

How do I check if an IP is a Tor exit node?

Use client.tor_check(ip). It returns tor? and tor_node_count, checked against the live Tor node list. The tor_node? predicate on a normal lookup also covers this without a second call.

Do I need a separate call to get VPN and proxy flags?

No. The suspicious_factors predicates come back on every geolocation lookup at no extra cost, so a single client.lookup_ip(ip) gives you both location and threat signals. Use tor_check only when you want the explicit Tor node count.

Should I block all VPN and proxy traffic?

Not necessarily — many legitimate users use VPNs. A common pattern is to require step-up verification when vpn?, proxy? or tor_node? is true, and reserve hard blocks for threat?. For a single decision, use the risk score.

Start building with the ip-api.io Ruby SDK

Run gem install ip-api-io, drop in your free API key, and ship in minutes — one client object for geolocation, fraud detection, and email validation.

Get free API key Ruby SDK overview

Need support?

Explore how IP-API.io can enhance your security, provide robust bot protection, and improve IP geolocation accuracy for your applications.

Contact Support

Found a bug in the SDK?

The ip-api-io gem is open source. Open an issue or pull request on GitHub and we'll take a look.

Open on GitHub

Detect VPN, Proxy & Tor in Ruby

Anonymizer detection, built into every lookup

Prerequisites

Read `suspicious_factors` on any lookup

Confirm a Tor exit node with `tor_check`

Response reference

`suspicious_factors` (all predicates)

`TorDetection` (from `tor_check`)

Frequently asked questions

Start building with the ip-api.io Ruby SDK

Need support?

Found a bug in the SDK?

Detect VPN, Proxy & Tor in Ruby

Anonymizer detection, built into every lookup

Prerequisites

Read suspicious_factors on any lookup

Confirm a Tor exit node with tor_check

Response reference

suspicious_factors (all predicates)

TorDetection (from tor_check)

Frequently asked questions

Keep exploring

Start building with the ip-api.io Ruby SDK

Need support?

Found a bug in the SDK?

Read `suspicious_factors` on any lookup

Confirm a Tor exit node with `tor_check`

`suspicious_factors` (all predicates)

`TorDetection` (from `tor_check`)