检测用户是否在代理后面 [英] Detecting whether a user is behind a proxy
问题描述
我正在试图弄清楚如何检测登录我网站的人是否在代理之后。我已经读过你可以通过可嵌入对象(Flash和Java)检测一个人的真实IP地址。但是,我实际上找不到任何示例或来源。
I'm trying to figure out how I could detect whether people logging into my site are behind a proxy or not. I've read that you can detect a person's real IP address through embeddable objects (Flash and Java). However, I haven't been able to actually find any examples or source for this.
我正在使用PHP而且我已经读过那个寻找 $ _ SERVER ['HTTP_X_FORWARDED_FOR'],$ _SERVER ['HTTP_CLIENT_IP']
等会检测到大多数代理,但到目前为止我还没能通过TOR测试(也许是TOR没有'标记这些,但我已经读过匿名代理仍显示 HTTP_X_FORWARDED
)。如果可能的话,我想尝试使用java servlet。任何人都可以指出我正确的方向(最好用例子?)我在ha.ckers.org上看到了一些代码,但他们只显示了客户端而不是服务器端。
I'm using PHP and I've read that looking for $_SERVER['HTTP_X_FORWARDED_FOR'], $_SERVER['HTTP_CLIENT_IP']
, etc. would detect most proxies but so far I haven't been able to by testing with TOR (maybe TOR doesn't flag those, but I've read that anonymous proxies still show HTTP_X_FORWARDED
). I'd like to try doing it with a java servlet, if possible. Could anyone point me in the right direction (preferably with examples?) I saw some code on ha.ckers.org but they only showed the client side and not the server side.
推荐答案
TOR不提供任何服务器头,例如X_FORWARDED_FOR,所以最好的办法是使用所有已知退出节点的列表。列表可在 https://torstat.xenobite.eu/ 找到。
TOR does not supply any server headers such as X_FORWARDED_FOR, so your best bet is to use a list of all known exit nodes. A list can be found at https://torstat.xenobite.eu/.
对于其他代理,您可以查看服务器标头。可能感兴趣的服务器头包括:
For other proxies, you can look at server headers. Possible server headers of interest include:
HTTP_VIA
HTTP_X_FORWARDED_FOR
HTTP_FORWARDED_FOR
HTTP_X_FORWARDED
HTTP_FORWARDED
HTTP_CLIENT_IP
HTTP_FORWARDED_FOR_IP
VIA
X_FORWARDED_FOR
FORWARDED_FOR
X_FORWARDED FORWARDED
CLIENT_IP
FORWARDED_FOR_IP
HTTP_PROXY_CONNECTION
在PHP中,您可以在 $ _ SERVER []中获取这些字段的值超全球
。
In PHP, you can get the value of these fields in the $_SERVER[] superglobal
.
这篇关于检测用户是否在代理后面的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!