如何确定是否正在向内部网络或互联网发送http请求? [英] How can I determine if an http request is being made to internal network or to the internet?
问题描述
我正在尝试编写代理服务器,用于记录和整理IIS场中托管的站点的流量。托管指南说:
I'm trying to write a proxy server for logging and shaping traffic from sites hosted on an IIS farm. The hosting guidelines say:
将代理服务器添加或配置为
允许来自Web服务器的请求到
internet资源。确保您从Web服务器请求
日志请求。 ·
Add or configure your proxy server to allow requests from the web servers to internet resources. Be sure that you log requests from the web servers. ·
仅允许Web服务器向Internet发送
代理请求,而不是内部网络
。因此,如果请求的
目的地是
互联网,则应允许其通过代理获得
。但是如果应用程序
试图在内部网络上请求资源或
服务器,则应该阻止
。
Only allow the web server to make proxy requests to the internet, not to the internal network. So, if the destination of the request is the internet, it should be allowed to go through proxy. But if the application is trying to request a resource or server on the internal network, it should be prevented.
我正在使用FiddlerCore(驱动Fiddler的库),它允许我在发送请求之前检查请求,并在返回响应头后再次检查请求(此时我有主机IP)。
I'm using FiddlerCore (the library that drives Fiddler) which lets me inspect requests before they are sent, and again once the response headers are returned (at which point I have the host IP).
我可以做些什么来确定是在本地还是在互联网上发出请求?目前我将已知的内部IP列入黑名单,但似乎并不正确。
What can I do to determine if a request is being made locally or to the internet? Currently I'm blacklisting known internal IPs, but it doesn't seem right.
推荐答案
HTTP RFC指定客户端必须指定主机标题。因此,通过检查主机头来确定主机是本地还是互联网。
The HTTP RFC specified that the client must specify the host header. Thus, determine if the host is local or internet by inspecting the host header.
如果您的客户违反了该规定(未指定主机),您有权使用400(错误请求)删除/拒绝它们。 (更好的测试是否有不符合协议的那些)
If you have clients violating that (no host specified) you have the right to drop/deny them with 400 (Bad Request). (Better test if there are ones that do not follow protocol)
这篇关于如何确定是否正在向内部网络或互联网发送http请求?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
