检测用户是否在代理后面 [英] Detecting whether a user is behind a proxy

问题描述

我正在试图弄清楚如何检测登录我网站的人是否在代理之后。我已经读过你可以通过可嵌入对象（Flash和Java）检测一个人的真实IP地址。但是，我实际上找不到任何示例或来源。

I'm trying to figure out how I could detect whether people logging into my site are behind a proxy or not. I've read that you can detect a person's real IP address through embeddable objects (Flash and Java). However, I haven't been able to actually find any examples or source for this.

我正在使用PHP而且我已经读过那个寻找 $ _ SERVER ['HTTP_X_FORWARDED_FOR']，$ _SERVER ['HTTP_CLIENT_IP'] 等会检测到大多数代理，但到目前为止我还没能通过TOR测试（也许是TOR没有'标记这些，但我已经读过匿名代理仍显示 HTTP_X_FORWARDED ）。如果可能的话，我想尝试使用java servlet。任何人都可以指出我正确的方向（最好用例子？）我在ha.ckers.org上看到了一些代码，但他们只显示了客户端而不是服务器端。

I'm using PHP and I've read that looking for $_SERVER['HTTP_X_FORWARDED_FOR'], $_SERVER['HTTP_CLIENT_IP'], etc. would detect most proxies but so far I haven't been able to by testing with TOR (maybe TOR doesn't flag those, but I've read that anonymous proxies still show HTTP_X_FORWARDED). I'd like to try doing it with a java servlet, if possible. Could anyone point me in the right direction (preferably with examples?) I saw some code on ha.ckers.org but they only showed the client side and not the server side.

推荐答案

TOR不提供任何服务器头，例如X_FORWARDED_FOR，所以最好的办法是使用所有已知退出节点的列表。列表可在 https://torstat.xenobite.eu/ 找到。

TOR does not supply any server headers such as X_FORWARDED_FOR, so your best bet is to use a list of all known exit nodes. A list can be found at https://torstat.xenobite.eu/.

对于其他代理，您可以查看服务器标头。可能感兴趣的服务器头包括：

For other proxies, you can look at server headers. Possible server headers of interest include:

HTTP_VIA 
HTTP_X_FORWARDED_FOR
HTTP_FORWARDED_FOR 
HTTP_X_FORWARDED
HTTP_FORWARDED 
HTTP_CLIENT_IP
HTTP_FORWARDED_FOR_IP 
VIA
X_FORWARDED_FOR 
FORWARDED_FOR
X_FORWARDED FORWARDED
CLIENT_IP
FORWARDED_FOR_IP
HTTP_PROXY_CONNECTION

在PHP中，您可以在 $ _ SERVER []中获取这些字段的值超全球。

In PHP, you can get the value of these fields in the $_SERVER[] superglobal.

这篇关于检测用户是否在代理后面的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！