如何检测直接或通过CURL访问的URL

Question

// remote.php on http://www.example.com/
<?php
function curl_access()
{ /*
  some codes here to detect
  this script accessed via
  curl or direct and returns $r.
  (without checking referrer or user agent)
  */
  return $r;
}
$curl_access = curl_access();
if ($curl_access)
{ echo 'Accessed via CURL';
} else
{ echo 'Direct access';
}
?>

// some file on a server
<?php
$h = curl_init();
curl_setopt($c, CURLOPT_URL, "http://www.example.com/remote.php");
curl_exec($c); // returns 'Accessed via CURL'
curl_close($c);
?>

Answer 1

You can't. An HTTP request is an HTTP request, and you've ruled out the obvious distinguishing characteristic of a request made by a browser (the contents of the user-agent header).

Answer 2

Since curl work as like any browser, so it is difficult to detect that is man or machine. For that first of all, you can

1.print $_SERVER php variable
2.json_encode this variable
3.put in a database field named server information
4.then browse this site one time
5.and curl execute for this same URL
6.then print both information

Here you can see some different issue. I have found different terms HTTP_COOKIE which not exist in curl request information.

So you can detect

if (!isset($_SERVER['HTTP_COOKIE'])) {          
            die('Opps! I think, your request is not proper way. Please contact');
    }

I think that will be very helpful who want to protect data scrapt from his/her website.

see details http://saidul.songzog.com/my-blog/details/869/how-can-detect-how-to-detect-a-url-accessed-direct-or-via-curl.html

Answer 3

You can check the visitor's user agent by

_SERVER['HTTP_USER_AGENT']

note that it can be modified when using curl with the -A flag.