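PHP How to Block Proxies from my Site?
I am looking for the best way to block proxies from reaching my site. The reason is that I use unique IP addresses in my project.
What would you recommend?
Thanks!
There is no way to determine with complete accuracy whether someone connecting to your site is making the request on behalf of someone else.
The best you can reasonably do in real time is to look for an X-FORWARDED-FOR HTTP header, which some proxies use to tell you the IP address of the client they are connecting on behalf of.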
    $headers = apache_request_headers();
    // null when the request carried no X-Forwarded-For header
    $forwarded = $headers['X-Forwarded-For'] ?? null;
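If you assume that each IP address corresponds to a different person, you are making a false assumption. There are far more Internet-connected devices than there are available IPs. Everyone at a school usually shares an IP. Everyone at a large company usually shares one IP. Every AOL dial-up user shares a few IPs. Every MSN dial-up user shares a few IPs.
You should not rely on unique IP addresses. Many people are behind a firewall at work or school, so one IP does not mean one machine or one user.
If you want to identify users, set a cookie or use a session.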
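The cookie approach suggested above, as an added example that is not part of the original answer: each browser gets a random ID protected by an HMAC, so two visitors behind one shared IP stay distinct and a client cannot mint its own ID. `VISITOR_KEY`, the `visitor` cookie name and the function names are assumptions.

```php
<?php
// Added example; VISITOR_KEY, the "visitor" cookie and all function names are hypothetical.
const VISITOR_KEY = 'placeholder-load-a-random-secret-from-config';

// New token: random 128-bit ID plus an HMAC so clients cannot mint or alter IDs.
function issue_visitor_token(): string
{
    $id = bin2hex(random_bytes(16));
    return $id . '.' . hash_hmac('sha256', $id, VISITOR_KEY);
}

// Returns the visitor ID when the token is well formed and the HMAC matches, else null.
function read_visitor_token($token): ?string
{
    if (!is_string($token)) {
        return null;
    }
    $parts = explode('.', $token);
    if (count($parts) !== 2 || strlen($parts[0]) !== 32 || !ctype_xdigit($parts[0])) {
        return null;
    }
    $expected = hash_hmac('sha256', $parts[0], VISITOR_KEY);
    return hash_equals($expected, $parts[1]) ? $parts[0] : null;
}

// Resolve the visitor for one request; 'set_cookie' is non-null when a cookie must be sent.
function current_visitor(array $cookies): array
{
    $id = read_visitor_token($cookies['visitor'] ?? null);
    if ($id !== null) {
        return ['id' => $id, 'set_cookie' => null];
    }
    $token = issue_visitor_token();
    return ['id' => substr($token, 0, 32), 'set_cookie' => $token];
}

// Constructed demo: two first-time visitors behind the same office IP, then a return visit.
$alice = current_visitor([]);
$bob   = current_visitor([]);
var_dump($alice['id'] !== $bob['id']); // distinct users, same IP
var_dump(current_visitor(['visitor' => $alice['set_cookie']])['id'] === $alice['id']);
var_dump(current_visitor(['visitor' => $bob['id'] . '.forged'])['set_cookie'] !== null);

// In a real request: $v = current_visitor($_COOKIE); if ($v['set_cookie'] !== null) {
//     setcookie('visitor', $v['set_cookie'], ['expires' => time() + 31536000, 'path' => '/',
//         'secure' => true, 'httponly' => true, 'samesite' => 'Lax']); }
```

A visitor who discards the cookie receives a new ID, so this distinguishes cooperating browsers, not people.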
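There are several types of proxies on the Internet, and some code will not detect all of them. VPNs, web proxies, Tor and open proxies are some examples of proxies that cannot always be detected with conventional tools. The best way to handle and detect these proxies is to use an up-to-date blacklist of these proxy addresses. One example is BlockScript.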
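A blacklist lookup of the kind this answer describes, as an added example that is not part of the original answer and not BlockScript's code: the connecting address is matched against CIDR ranges for both IPv4 and IPv6. `ip_in_cidr()`, `is_listed_proxy()` and the ranges (documentation prefixes) are assumptions.

```php
<?php
// Added example; function names are hypothetical and the ranges are
// documentation prefixes, not a real proxy list.
function ip_in_cidr(string $ip, string $cidr): bool
{
    [$net, $bits] = array_pad(explode('/', $cidr, 2), 2, null);
    $ipBin  = @inet_pton($ip);
    $netBin = @inet_pton($net);
    if ($ipBin === false || $netBin === false || strlen($ipBin) !== strlen($netBin)) {
        return false; // invalid input, or IPv4 compared with IPv6
    }
    if ($bits !== null && !ctype_digit($bits)) {
        return false; // malformed prefix length must never match everything
    }
    $max  = strlen($ipBin) * 8;
    $bits = $bits === null ? $max : (int) $bits;
    if ($bits > $max) {
        return false;
    }
    $fullBytes = intdiv($bits, 8);
    if (substr($ipBin, 0, $fullBytes) !== substr($netBin, 0, $fullBytes)) {
        return false;
    }
    $rem = $bits % 8;
    if ($rem === 0) {
        return true;
    }
    $mask = (0xFF << (8 - $rem)) & 0xFF; // compare only the leading bits of the next byte
    return (ord($ipBin[$fullBytes]) & $mask) === (ord($netBin[$fullBytes]) & $mask);
}

function is_listed_proxy(string $ip, array $ranges): bool
{
    foreach ($ranges as $cidr) {
        if (ip_in_cidr($ip, $cidr)) {
            return true;
        }
    }
    return false;
}

// Constructed list; a real one has to be refreshed from its provider on a schedule.
$ranges = ['198.51.100.0/24', '203.0.113.64/26', '2001:db8:5::/48'];
foreach (['198.51.100.77', '203.0.113.130', '2001:db8:5:1::9', 'not-an-ip'] as $ip) {
    printf("%-18s %s\n", $ip, is_listed_proxy($ip, $ranges) ? 'listed' : 'not listed');
}
```

Pass `$_SERVER['REMOTE_ADDR']` as `$ip` in a live request; header values are supplied by the client and should not drive the lookup.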
Add to .htaccess
    RewriteEngine on
    # %{HTTP:name} takes the header name as sent on the wire (hyphens, no HTTP_ prefix)
    RewriteCond %{HTTP:Via} !^$ [OR]
    RewriteCond %{HTTP:Forwarded} !^$ [OR]
    RewriteCond %{HTTP:UserAgent-Via} !^$ [OR]
    RewriteCond %{HTTP:X-Forwarded-For} !^$ [OR]
    RewriteCond %{HTTP:Proxy-Connection} !^$ [OR]
    RewriteCond %{HTTP:XProxy-Connection} !^$ [OR]
    RewriteCond %{HTTP:PC-Remote-Addr} !^$ [OR]
    RewriteCond %{HTTP:Client-IP} !^$
    # Answer 403 Forbidden when any of the headers above is present
    RewriteRule ^(.*)$ - [F]
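The problem with this is that if you have a legitimate IP that includes this header, and you let the header take precedence over the IP, you will get incorrect results.
It may be worth storing both separately.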
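Storing both values separately, as an added example that is not part of the original post: the TCP peer address and the header claim are kept as distinct fields, and the header is acted on only when the peer is a reverse proxy you operate. `TRUSTED_PROXIES`, `describe_client()` and the addresses (documentation ranges) are assumptions.

```php
<?php
// Added example; TRUSTED_PROXIES and describe_client() are hypothetical names
// and the addresses are documentation ranges.
const TRUSTED_PROXIES = ['192.0.2.10', '192.0.2.11']; // reverse proxies you operate

// Return the peer address and the forwarded chain as separate fields.
// The chain is promoted to "client" only when the TCP peer is one of our own
// proxies; otherwise it stays an unverified claim.
function describe_client(array $server): array
{
    $peer  = $server['REMOTE_ADDR'] ?? '';
    $chain = [];
    foreach (explode(',', $server['HTTP_X_FORWARDED_FOR'] ?? '') as $hop) {
        $hop = trim($hop);
        if (filter_var($hop, FILTER_VALIDATE_IP) !== false) {
            $chain[] = $hop;
        }
    }
    $client = $peer;
    if (in_array($peer, TRUSTED_PROXIES, true)) {
        // Walk right to left: the rightmost entries were appended by our own
        // proxies; the first address that is not ours is the peer they saw.
        foreach (array_reverse($chain) as $hop) {
            if (!in_array($hop, TRUSTED_PROXIES, true)) {
                $client = $hop;
                break;
            }
        }
    }
    return [
        'peer'            => $peer,         // what the TCP connection says
        'forwarded_claim' => $chain,        // what the header says (client-controlled)
        'client'          => $client,       // the address to act on
        'header_present'  => $chain !== [], // proxy hint for logging or review
    ];
}

// Constructed sample requests.
$direct_with_header = ['REMOTE_ADDR' => '203.0.113.7', 'HTTP_X_FORWARDED_FOR' => '198.51.100.1'];
$via_our_proxy      = ['REMOTE_ADDR' => '192.0.2.10', 'HTTP_X_FORWARDED_FOR' => '10.9.9.9, 198.51.100.23'];

var_dump(describe_client($direct_with_header)); // untrusted peer: header recorded, not acted on
var_dump(describe_client($via_our_proxy));      // trusted peer: rightmost foreign hop is the client
```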
I don't know of a bulletproof way to do this, but this would be fairly complete:
    if (get_ip_address() !== get_ip_address(true))
    {
        echo 'using proxy';
    }
This get_ip_address() function is adapted from this answer, as follows:
    function get_ip_address($proxy = false)
    {
        if ($proxy === true)
        {
            // Return the first public address found in a forwarding header
            foreach (array('HTTP_CLIENT_IP', 'HTTP_X_FORWARDED_FOR', 'HTTP_X_FORWARDED', 'HTTP_X_CLUSTER_CLIENT_IP', 'HTTP_FORWARDED_FOR', 'HTTP_FORWARDED') as $key)
            {
                if (array_key_exists($key, $_SERVER) === true)
                {
                    // A header may carry a comma-separated chain of addresses
                    foreach (array_map('trim', explode(',', $_SERVER[$key])) as $ip)
                    {
                        if (filter_var($ip, FILTER_VALIDATE_IP, FILTER_FLAG_IPV4 | FILTER_FLAG_IPV6 | FILTER_FLAG_NO_PRIV_RANGE | FILTER_FLAG_NO_RES_RANGE) !== false)
                        {
                            return $ip;
                        }
                    }
                }
            }
        }
        // Address of the TCP peer, as seen by the web server
        return $_SERVER['REMOTE_ADDR'];
    }
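I found code from phpMyAdmin that uses some of PHP's capabilities to detect proxies and the IP behind a proxy. For me, this code has worked many times, but not 100%. I am pasting it here for you to test and consider.
It returns FALSE when determining a strong proxy or the user IP behind a transparent proxy.
Check newer versions of phpMyAdmin for updates.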
    function get_ip()
    {
        global $REMOTE_ADDR;
        global $HTTP_X_FORWARDED_FOR, $HTTP_X_FORWARDED, $HTTP_FORWARDED_FOR, $HTTP_FORWARDED;
        global $HTTP_VIA, $HTTP_X_COMING_FROM, $HTTP_COMING_FROM;
        // $HTTP_SERVER_VARS and $HTTP_ENV_VARS only exist on very old PHP;
        // on current versions those branches are simply skipped
        global $HTTP_SERVER_VARS, $HTTP_ENV_VARS;
        // Get some server/environment variables values
        if(empty($REMOTE_ADDR))
        {
            if(!empty($_SERVER)&&isset($_SERVER['REMOTE_ADDR']))
            {
                $REMOTE_ADDR = $_SERVER['REMOTE_ADDR'];
            }
            elseif(!empty($_ENV)&&isset($_ENV['REMOTE_ADDR']))
            {
                $REMOTE_ADDR = $_ENV['REMOTE_ADDR'];
            }
            elseif(!empty($HTTP_SERVER_VARS) && isset($HTTP_SERVER_VARS['REMOTE_ADDR']))
            {
                $REMOTE_ADDR = $HTTP_SERVER_VARS['REMOTE_ADDR'];
            }
            elseif(!empty($HTTP_ENV_VARS)&&isset($HTTP_ENV_VARS['REMOTE_ADDR']))
            {
                $REMOTE_ADDR = $HTTP_ENV_VARS['REMOTE_ADDR'];
            }
            elseif(@getenv('REMOTE_ADDR'))
            {
                $REMOTE_ADDR = getenv('REMOTE_ADDR');
            }
        } // end if
        if(empty($HTTP_X_FORWARDED_FOR))
        {
            if(!empty($_SERVER) && isset($_SERVER['HTTP_X_FORWARDED_FOR']))
            {
                $HTTP_X_FORWARDED_FOR = $_SERVER['HTTP_X_FORWARDED_FOR'];
            }
            elseif(!empty($_ENV) && isset($_ENV['HTTP_X_FORWARDED_FOR']))
            {
                $HTTP_X_FORWARDED_FOR = $_ENV['HTTP_X_FORWARDED_FOR'];
            }
            elseif(!empty($HTTP_SERVER_VARS) && isset($HTTP_SERVER_VARS['HTTP_X_FORWARDED_FOR']))
            {
                $HTTP_X_FORWARDED_FOR = $HTTP_SERVER_VARS['HTTP_X_FORWARDED_FOR'];
            }
            elseif(!empty($HTTP_ENV_VARS) && isset($HTTP_ENV_VARS['HTTP_X_FORWARDED_FOR']))
            {
                $HTTP_X_FORWARDED_FOR = $HTTP_ENV_VARS['HTTP_X_FORWARDED_FOR'];
            }
            elseif(@getenv('HTTP_X_FORWARDED_FOR'))
            {
                $HTTP_X_FORWARDED_FOR = getenv('HTTP_X_FORWARDED_FOR');
            }
        } // end if
        if(empty($HTTP_X_FORWARDED))
        {
            if(!empty($_SERVER) && isset($_SERVER['HTTP_X_FORWARDED']))
            {
                $HTTP_X_FORWARDED = $_SERVER['HTTP_X_FORWARDED'];
            }
            elseif(!empty($_ENV) && isset($_ENV['HTTP_X_FORWARDED']))
            {
                $HTTP_X_FORWARDED = $_ENV['HTTP_X_FORWARDED'];
            }
            elseif(!empty($HTTP_SERVER_VARS) && isset($HTTP_SERVER_VARS['HTTP_X_FORWARDED']))
            {
                $HTTP_X_FORWARDED = $HTTP_SERVER_VARS['HTTP_X_FORWARDED'];
            }
            elseif(!empty($HTTP_ENV_VARS) && isset($HTTP_ENV_VARS['HTTP_X_FORWARDED']))
            {
                $HTTP_X_FORWARDED = $HTTP_ENV_VARS['HTTP_X_FORWARDED'];
            }
            elseif(@getenv('HTTP_X_FORWARDED'))
            {
                $HTTP_X_FORWARDED = getenv('HTTP_X_FORWARDED');
            }
        } // end if
        if(empty($HTTP_FORWARDED_FOR))
        {
            if(!empty($_SERVER) && isset($_SERVER['HTTP_FORWARDED_FOR']))
            {
                $HTTP_FORWARDED_FOR = $_SERVER['HTTP_FORWARDED_FOR'];
            }
            elseif(!empty($_ENV) && isset($_ENV['HTTP_FORWARDED_FOR']))
            {
                $HTTP_FORWARDED_FOR = $_ENV['HTTP_FORWARDED_FOR'];
            }
            elseif(!empty($HTTP_SERVER_VARS) && isset($HTTP_SERVER_VARS['HTTP_FORWARDED_FOR']))
            {
                $HTTP_FORWARDED_FOR = $HTTP_SERVER_VARS['HTTP_FORWARDED_FOR'];
            }
            elseif(!empty($HTTP_ENV_VARS) && isset($HTTP_ENV_VARS['HTTP_FORWARDED_FOR']))
            {
                $HTTP_FORWARDED_FOR = $HTTP_ENV_VARS['HTTP_FORWARDED_FOR'];
            }
            elseif(@getenv('HTTP_FORWARDED_FOR'))
            {
                $HTTP_FORWARDED_FOR = getenv('HTTP_FORWARDED_FOR');
            }
        } // end if
        if(empty($HTTP_FORWARDED))
        {
            if(!empty($_SERVER) && isset($_SERVER['HTTP_FORWARDED']))
            {
                $HTTP_FORWARDED = $_SERVER['HTTP_FORWARDED'];
            }
            elseif(!empty($_ENV) && isset($_ENV['HTTP_FORWARDED']))
            {
                $HTTP_FORWARDED = $_ENV['HTTP_FORWARDED'];
            }
            elseif(!empty($HTTP_SERVER_VARS) && isset($HTTP_SERVER_VARS['HTTP_FORWARDED']))
            {
                $HTTP_FORWARDED = $HTTP_SERVER_VARS['HTTP_FORWARDED'];
            }
            elseif(!empty($HTTP_ENV_VARS) && isset($HTTP_ENV_VARS['HTTP_FORWARDED']))
            {
                $HTTP_FORWARDED = $HTTP_ENV_VARS['HTTP_FORWARDED'];
            }
            elseif(@getenv('HTTP_FORWARDED'))
            {
                $HTTP_FORWARDED = getenv('HTTP_FORWARDED');
            }
        } // end if
        if(empty($HTTP_VIA))
        {
            if(!empty($_SERVER) && isset($_SERVER['HTTP_VIA']))
            {
                $HTTP_VIA = $_SERVER['HTTP_VIA'];
            }
            elseif(!empty($_ENV) && isset($_ENV['HTTP_VIA']))
            {
                $HTTP_VIA = $_ENV['HTTP_VIA'];
            }
            elseif(!empty($HTTP_SERVER_VARS) && isset($HTTP_SERVER_VARS['HTTP_VIA']))
            {
                $HTTP_VIA = $HTTP_SERVER_VARS['HTTP_VIA'];
            }
            elseif(!empty($HTTP_ENV_VARS) && isset($HTTP_ENV_VARS['HTTP_VIA']))
            {
                $HTTP_VIA = $HTTP_ENV_VARS['HTTP_VIA'];
            }
            elseif(@getenv('HTTP_VIA'))
            {
                $HTTP_VIA = getenv('HTTP_VIA');
            }
        } // end if
        if(empty($HTTP_X_COMING_FROM))
        {
            if(!empty($_SERVER) && isset($_SERVER['HTTP_X_COMING_FROM']))
            {
                $HTTP_X_COMING_FROM = $_SERVER['HTTP_X_COMING_FROM'];
            }
            elseif(!empty($_ENV) && isset($_ENV['HTTP_X_COMING_FROM']))
            {
                $HTTP_X_COMING_FROM = $_ENV['HTTP_X_COMING_FROM'];
            }
            elseif(!empty($HTTP_SERVER_VARS) && isset($HTTP_SERVER_VARS['HTTP_X_COMING_FROM']))
            {
                $HTTP_X_COMING_FROM = $HTTP_SERVER_VARS['HTTP_X_COMING_FROM'];
            }
            elseif(!empty($HTTP_ENV_VARS) && isset($HTTP_ENV_VARS['HTTP_X_COMING_FROM']))
            {
                $HTTP_X_COMING_FROM = $HTTP_ENV_VARS['HTTP_X_COMING_FROM'];
            }
            elseif(@getenv('HTTP_X_COMING_FROM'))
            {
                $HTTP_X_COMING_FROM = getenv('HTTP_X_COMING_FROM');
            }
        } // end if
        if(empty($HTTP_COMING_FROM))
        {
            if(!empty($_SERVER) && isset($_SERVER['HTTP_COMING_FROM']))
            {
                $HTTP_COMING_FROM = $_SERVER['HTTP_COMING_FROM'];
            }
            elseif(!empty($_ENV) && isset($_ENV['HTTP_COMING_FROM']))
            {
                $HTTP_COMING_FROM = $_ENV['HTTP_COMING_FROM'];
            }
            // Fixed: this branch tested $HTTP_COMING_FROM, which is always empty here
            elseif(!empty($HTTP_SERVER_VARS) && isset($HTTP_SERVER_VARS['HTTP_COMING_FROM']))
            {
                $HTTP_COMING_FROM = $HTTP_SERVER_VARS['HTTP_COMING_FROM'];
            }
            elseif(!empty($HTTP_ENV_VARS) && isset($HTTP_ENV_VARS['HTTP_COMING_FROM']))
            {
                $HTTP_COMING_FROM = $HTTP_ENV_VARS['HTTP_COMING_FROM'];
            }
            elseif(@getenv('HTTP_COMING_FROM'))
            {
                $HTTP_COMING_FROM = getenv('HTTP_COMING_FROM');
            }
        } // end if
        // Gets the default ip sent by the user
        $direct_ip = ''; // stays empty when REMOTE_ADDR is unavailable
        if(!empty($REMOTE_ADDR))
        {
            $direct_ip = $REMOTE_ADDR;
        }
        // Gets the proxy ip sent by the user
        $proxy_ip='';
        if(!empty($HTTP_X_FORWARDED_FOR))$proxy_ip = $HTTP_X_FORWARDED_FOR;
        elseif(!empty($HTTP_X_FORWARDED))$proxy_ip = $HTTP_X_FORWARDED;
        elseif(!empty($HTTP_FORWARDED_FOR))$proxy_ip = $HTTP_FORWARDED_FOR;
        elseif(!empty($HTTP_FORWARDED))$proxy_ip = $HTTP_FORWARDED;
        elseif(!empty($HTTP_VIA))$proxy_ip = $HTTP_VIA;
        elseif(!empty($HTTP_X_COMING_FROM))$proxy_ip = $HTTP_X_COMING_FROM;
        elseif(!empty($HTTP_COMING_FROM))$proxy_ip = $HTTP_COMING_FROM;
        // Returns the true IP if it has been found, else FALSE
        if (empty($proxy_ip))
        {
            // True IP without proxy
            return $direct_ip;
        }
        else
        {
            // ereg() was removed in PHP 7; preg_match() with the same pattern
            $is_ip = preg_match('/^([0-9]{1,3}\.){3,3}[0-9]{1,3}/', $proxy_ip, $regs);
            if($is_ip && (count($regs) > 0))
            {
                // True IP behind a proxy
                return $regs[0];
            }
            else
            {
                // Can't define IP: there is a proxy but we don't have
                // information about the true IP
                return FALSE;
            }
        } // end if... else...
    }