阻止用户通过网络浏览器访问网页? [英] Prevent users from being able to access a webpage via web browser?
问题描述
我和我的朋友正在开发一个程序.该程序将向我们的网页提交 GET 数据.但是,我们不希望用户通过程序以外的任何其他方式访问网页.我们可以阻止用户使用 HWID 身份验证共享程序,但没有什么可以阻止他们使用数据包扫描器获取网页的 URL.我们考虑过将要实现的用户代理身份验证,但用户代理很容易被欺骗.
My friend and I are working on a program. This program is going to submit GET data to our webpage. However, we don't want users accessing the webpage any other way than the program. We can prevent users from sharing the program using HWID authentication, but nothing prevents them from using a packet scanner to get the URL of the webpage. We thought about user-agent authentication, which we will implement, but user-agents can easily be spoofed.
所以我的问题是,我们怎样才能防止用户直接访问网页,而不是通过程序?
So my question is, how can we prevent users from accessing the webpage directly, instead of through the program?
即使你没有一个完全有效的答案,任何有助于阻止他们的事情都会很好.
Even if you don't have an answer that will completely work, anything that will help deter them would be nice.
目前我们将实施:
使用程序的HWID身份验证用户代理身份验证以访问网页对没有适当用户代理访问网页的任何人的即时 IP 黑名单
HWID Authentication to use the program User-Agent Authentication to access the web page Instant IP Blacklisting to anyone accessing the webpage without the proper User-Agent
推荐答案
不要依赖用户代理或任何类型的浏览器指纹,HTTP 标头很容易被伪造/欺骗.
Do not rely on user agent or any kind of browser fingerprint, HTTP headers are easily forged/spoofed.
您可以在请求中添加一些秘密令牌(例如密码/登录名)并通过 SSL 发送它以防止窃听.
You could add some secret token (eg. password/login) to the request and send it through SSL to prevent eavesdropping.
或者更好,使用 SSL 客户端证书.
编辑 您打算分发 VB 程序吗?如果是这样,正如 bobince 所提到的,您将无法阻止坚定的黑客伪造请求.你可以提高标准,但它会通过默默无闻的安全.即使使用客户端证书,黑客也能够从您的程序中提取证书并发送修改后的请求.
Edit Are you going to distribute the VB program? If so, as bobince mentioned, there's no way you can prevent a determined hacker to forge requests. You can raise the bar but it will be security through obscurity. Even with client certs, the hacker will be able to extract the cert from your program and send modified requests.
只要你接受来自客户端的请求,这些请求就可以被伪造.处理它.
As long as you accept requests from the client, these requests can be forged. Deal with it.
这篇关于阻止用户通过网络浏览器访问网页?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
