curl选项CURLOPT_HTTPPROXYTUNNEL是什么意思？ [英] What does the curl option CURLOPT_HTTPPROXYTUNNEL mean?

问题描述

在cURL文档中，有一个名为 CURLOPT_HTTPPROXYTUNNEL的选项 定义为启用后通过代理创建隧道。

In the cURL documentation, there is an option called CURLOPT_HTTPPROXYTUNNEL which is defined to create a tunnel via the proxy when enabled.

但是，我不知道该隧道是什么，并且它有什么作用。如果我不使用这样的隧道，会有什么不同？

However, I have no idea what the tunnel is and what does it do. What difference will it make if I don't use a tunnel like this?

curl_setopt($session, CURLOPT_HTTPPROXYTUNNEL, 1) 

更新：

我得到的是，该隧道引用了 HTTP连接方法，这是我的理解：

What I got is that the tunnel is referring to an HTTP CONNECT METHOD and here is what I understand it does:

基于HTTP的隧道方法使用HTTP CONNECT方法/命令。客户端向HTTP代理发出HTTP CONNECT命令。然后，代理与特定的server：port建立TCP连接，并在该server：port与客户端连接之间中继数据。因为这会造成安全漏洞，所以支持CONNECT的HTTP代理通常会限制对CONNECT方法的访问。该代理仅允许访问特定授权服务器的白名单。

An HTTP-based tunneling method uses the HTTP CONNECT method/command. A client issues the HTTP CONNECT command to an HTTP proxy. The proxy then makes a TCP connection to a particular server:port, and relays data between that server:port and the client connection. Because this creates a security hole, CONNECT-capable HTTP proxies commonly restrict access to the CONNECT method. The proxy allows access only to a whitelist of specific authorized servers.

所以，问题是，使用和不使用CONNECT方法连接到代理之间有什么区别？

So, the question is, what is the difference between connecting to a proxy with and without CONNECT method?

推荐答案

没有 CURLOPT_HTTPPROXYTUNNEL

Without CURLOPT_HTTPPROXYTUNNEL

不使用 CURLOPT_HTTPPROXYTUNNEL ：您仅将代理地址/端口用作HTTP请求的目标。代理将读取查询的HTTP标头，将您的请求转发到目的地（带有HTTP标头），然后将响应写给您。

Without CURLOPT_HTTPPROXYTUNNEL : You just use the proxy address/port as a destination of your HTTP request. The proxy will read the HTTP headers of your query, forward your request to the destination (with your HTTP headers) and then write the response to you.

示例步骤：

1. HTTP GET /index.html 发送给 1.1.1.1（代理）


2. 1.1.1.1 接收请求并解析标头


3. 1.1.1.1 将查询和标头转发到 www .site.com（请求标头中的目标）。


4. 1.1.1.1 写信给您从 www.site.com

1. HTTP GET /index.html sent to 1.1.1.1 (proxy)
2. 1.1.1.1 receive request and parse header for getting the final destination of your HTTP request.
3. 1.1.1.1 forward your query and headers to www.site.com (destination in request headers).
4. 1.1.1.1 write back to you the response receive from www.site.com

使用 CURLOPT_HTTPPROXYTUNNEL

With CURLOPT_HTTPPROXYTUNNEL

使用 CURLOPT_HTTPPROXYTUNNEL ：您问代理通过执行 CONNECT 打开直接到目标的直接二进制连接（例如HTTPS，称为 TCP隧道） HTTP请求。隧道正常后，代理会回写一个 HTTP / 1.1 200连接已建立。当它收到您的浏览器后，便开始直接查询目的地：代理不解析HTTP标头，并且理论上不读取隧道数据，它只是转发它，这就是为什么它被称为隧道的原因！

With CURLOPT_HTTPPROXYTUNNEL : You ask the proxy to open a direct binary connection (like HTTPS, called a TCP Tunnel) directly to your destination by doing a CONNECT HTTP request. When the tunnel is ok, the proxy write you back a HTTP/1.1 200 Connection established. When it received your browser start to query the destination directly : The proxy does not parse HTTP headers and theoretically does not read tunnel datas, it just forward it, thats why it is called a tunnel !

示例步骤：

1. HTTP CONNECT 发送到 1.1.1.1


2. 1.1.1.1 接收 HTTP CONNECT 并获取最终目的地的ip /端口（ HTTP CONNECT < header 字段）。


3. 1.1.1.1 打开 TCP套接字通过 TCP握手到目的地 2.22.63.73:80（www.site.com的IP /端口）。


4. 1.1.1.1 通过将 TCP套接字用管道传输到 TCP套接字打开到 2.22.63.73:80 ，然后写回 HTTP / 1.1 200建立连接意味着您的客户端现在可以使您的查询抛出 TCP隧道（收到的TCP数据将直接传输到服务器，反之亦然）

1. HTTP CONNECT sent to 1.1.1.1
2. 1.1.1.1 receive HTTP CONNECT and get the ip/port of your final destination (header field of HTTP CONNECT).
3. 1.1.1.1 open a TCP Socket by doing a TCP handshake to your destination 2.22.63.73:80 (ip/port of www.site.com).
4. 1.1.1.1 Make a tunnel by piping your TCP Socket to the TCP Socket opened to 2.22.63.73:80 and then write you back HTTP/1.1 200 Connection established witch means that your client can now make your query throw the TCP Tunnel (TCP datas received will be transmited directly to server and vice versa).

这篇关于curl选项CURLOPT_HTTPPROXYTUNNEL是什么意思？的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！