$_SERVER['HTTP_HOST'] 和 $_SERVER['SERVER_NAME'] 检测问题 [英] $_SERVER['HTTP_HOST'] AND $_SERVER['SERVER_NAME'] Detection Issue

查看：60 发布时间：2021/6/22 20:37:24 php security proxy

本文介绍了$_SERVER['HTTP_HOST'] 和 $_SERVER['SERVER_NAME'] 检测问题的处理方法，对大家解决问题具有一定的参考价值，需要的朋友们下面随着小编来一起学习吧！

问题描述

我有一个网站可以产生良好的流量，但我发现另一个网站正在掩盖我的网站，我在如何使用 PHP 检测它以便我可以阻止它方面遇到问题.

I have one website that generates a good traffic and i have found that other website is cloaking my website and i have problem on how to detect it with PHP so i can block it.

首先我已将 echo $_SERVER['HTTP_HOST'] 或 echo $_SERVER['SERVER_NAME'] 添加到我的代码中，当我访问这个伪装网站时，结果是正确的.它向我显示了伪装 mywebsite.com 的网站名称 (cloakingwebsite.com)

First of all I have added echo $_SERVER['HTTP_HOST'] or echo $_SERVER['SERVER_NAME'] to my code and when i access this cloaking websitethe result is right. It shows me the name of the website (cloakingwebsite.com) that is cloaking mywebsite.com

所以我现在在 cloakingwebsite.com(不是我的域)，此代码添加到 mywebsite.com(我的域)

So i am now on cloakingwebsite.com (not my domain), with this code added on mywebsite.com (my domain)

if($_SERVER['HTTP_HOST'] == "cloakingwebsite.com" || $_SERVER['SERVER_NAME'] == "cloakingwebsite.com"){
    echo "you are on cloakingwebsite.com";
}
else if($_SERVER['HTTP_HOST'] == "mywebsite.com" || $_SERVER['SERVER_NAME'] == "mywebsite.com"){
     echo "you are on mywebsite.com";
}

我知道你在 mywebsite.com

结论:

如果我使用 $_SERVER['HTTP_HOST'] 或 $_SERVER['SERVER_NAME'] 和 echo 或 print 结果是正确的，但如果我将它们与 if 和 else 语句一起使用，结果是不正确的.

If i use $_SERVER['HTTP_HOST'] or $_SERVER['SERVER_NAME'] with echo or print the result is right but if i use them with if and else statement the result is not right.

我对虚拟或真实 ip 以及 SERVER_NAME 或 HTTP_HOST 了解不多，但这对我来说似乎是一个安全问题.

I don't know much about virtual or real ip and SERVER_NAME or HTTP_HOST but this looks like a security issue for me.

我所有在 google 上搜索我的网站的用户都找到了这个伪装的网站，他们通过这个网站登录我的网站，因为它也管理 cookie 和所有内容.据我所知，这些网站可能会通过它们获取我所有的用户登录信息.我在互联网上搜索了所有解决方案，那就是 javascript.我这样做了，但现在他们变得聪明了，他们过滤并删除了所有 javascript 代码.

All my users that search for my website on google find this cloaking website and they login on my website trough this one because it is also managing cookies and everything. As far as i know these websites may got all my users login info that goes trough them. I have searched all the internet for a solution and that was javascript. I did that but now they got smart they filter and remove all javascript codes.

所以对我来说唯一的选择是 $_SERVER['HTTP_HOST'] 或 $_SERVER['SERVER_NAME'] 没有正确检测到女巫.

So the only option for me is $_SERVER['HTTP_HOST'] or $_SERVER['SERVER_NAME'] witch are not detected right.

我在 NGINX 上运行 PHP 7.1

I run PHP 7.1 on NGINX

请问有什么解决办法吗?

Any solution please?

myWebsite.com 标题

[USER] => www-data
[HOME] => /var/www
[HTTP_CF_CONNECTING_IP] => 3a02:3f0e:5260:664:75fb:bb5a:f2a6:1ea3
[HTTP_COOKIE] => __cfduid=d7711ced6c319ac0aa615de5f64160b561509570260;
[HTTP_ACCEPT_LANGUAGE] => en-US,en;q=0.8,it;q=0.6,ro;q=0.4
[HTTP_ACCEPT] => text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8
[HTTP_UPGRADE_INSECURE_REQUESTS] => 1
[HTTP_USER_AGENT] => Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/61.0.3163.100 Safari/537.36
[HTTP_CF_VISITOR] => {"scheme":"https"}
[HTTP_X_FORWARDED_PROTO] => https
[HTTP_CF_RAY] => 3b8d9bf459da7ea0-BUD
[HTTP_X_FORWARDED_FOR] => 3a02:2f0e:3260:664:75fb:bb5a:f2a6:1ea3
[HTTP_CF_IPCOUNTRY] => RO
[HTTP_ACCEPT_ENCODING] => gzip
[HTTP_CONNECTION] => Keep-Alive
[HTTP_HOST] => mywebsite.com
[REDIRECT_STATUS] => 200
[SERVER_NAME] => mywebsite.com
[SERVER_PORT] => 80
[SERVER_ADDR] => ******hiden.ip
[REMOTE_PORT] => 34741
[REMOTE_ADDR] => ****hiden.ip
[SERVER_SOFTWARE] => nginx/1.13.6
[GATEWAY_INTERFACE] => CGI/1.1
[REQUEST_SCHEME] => http
[SERVER_PROTOCOL] => HTTP/1.1
[DOCUMENT_ROOT] => /var/www
[DOCUMENT_URI] => /index.php
[REQUEST_URI] => /
[SCRIPT_NAME] => /index.php
[CONTENT_LENGTH] => 
[CONTENT_TYPE] => 
[REQUEST_METHOD] => GET
[QUERY_STRING] => 
[SCRIPT_FILENAME] => /var/www/index.php
[FCGI_ROLE] => RESPONDER
[PHP_SELF] => /index.php
[REQUEST_TIME_FLOAT] => 1509882770.658
[REQUEST_TIME] => 1509882770

cloakingWbsite.com 标题

[USER] => www-data
[HOME] => /var/www
[HTTP_CF_CONNECTING_IP] => 3a01:3f8:171:2a4c:0:0:0:2
[HTTP_COOKIE] => __cfduid=dcad0dcc3004b494316f306212dc195911509878400;
[HTTP_REFERER] => 
[HTTP_ACCEPT] => */*
[HTTP_USER_AGENT] => Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/61.0.3163.100 Safari/537.36
[HTTP_CF_VISITOR] => {"scheme":"https"}
[HTTP_X_FORWARDED_PROTO] => https
[HTTP_CF_RAY] => 3b8f5486a8196349-FRA
[HTTP_X_FORWARDED_FOR] => 2a01:4f8:171:3a4c:0:0:0:2
[HTTP_CF_IPCOUNTRY] => DE
[HTTP_ACCEPT_ENCODING] => gzip
[HTTP_CONNECTION] => Keep-Alive
[HTTP_HOST] => proxywebsite.com
[REDIRECT_STATUS] => 200
[SERVER_NAME] => cloakingwebsite.com
[SERVER_PORT] => 80
[SERVER_ADDR] => ***hidden.ip
[REMOTE_PORT] => 14485
[REMOTE_ADDR] => ***hidden.ip
[SERVER_SOFTWARE] => nginx/1.13.6
[GATEWAY_INTERFACE] => CGI/1.1
[REQUEST_SCHEME] => http
[SERVER_PROTOCOL] => HTTP/1.1
[DOCUMENT_ROOT] => /var/www
[DOCUMENT_URI] => /index.php
[REQUEST_URI] => /
[SCRIPT_NAME] => /index.php
[CONTENT_LENGTH] => 
[CONTENT_TYPE] => 
[REQUEST_METHOD] => GET
[QUERY_STRING] => 
[SCRIPT_FILENAME] => /var/www/index.php
[FCGI_ROLE] => RESPONDER
[PHP_SELF] => /index.php
[REQUEST_TIME_FLOAT] => 1509879844.936
[REQUEST_TIME] => 1509879844

$_SERVER['HTTP_HOST'] 和 $_SERVER['SERVER_NAME'] 检测问题 [英] $_SERVER['HTTP_HOST'] AND $_SERVER['SERVER_NAME'] Detection Issue

问题描述

推荐答案

相关文章

PHP最新文章

热门教程

热门工具

登录关闭

$_SERVER['HTTP_HOST'] 和 $_SERVER['SERVER_NAME'] 检测问题 [英] $_SERVER[&#39;HTTP_HOST&#39;] AND $_SERVER[&#39;SERVER_NAME&#39;] Detection Issue

问题描述

推荐答案

相关文章

PHP最新文章

热门教程

热门工具

登录 关闭

$_SERVER['HTTP_HOST'] 和 $_SERVER['SERVER_NAME'] 检测问题 [英] $_SERVER['HTTP_HOST'] AND $_SERVER['SERVER_NAME'] Detection Issue

登录关闭