PHP如何从我的站点阻止代理?
我正在寻找阻止代理进入我的网站的绝对最好的方法。原因是我在项目中使用了唯一的IP地址 你推荐什么PHP如何从我的站点阻止代理?,php,Php,我正在寻找阻止代理进入我的网站的绝对最好的方法。原因是我在项目中使用了唯一的IP地址 你推荐什么 谢谢 不可能完全准确地确定连接到您网站的人是否代理了其他人的请求 您可以合理地实时执行的最佳操作是查找X-FORWARDED-forHTTP头,一些代理将使用该头通知您代理所连接的客户端的IP地址 $headers = apache_request_headers(); $forwarded = $headers['X-Forwarded-For']; 如果您假设每个IP地址对应于不同的人,那么您
谢谢 不可能完全准确地确定连接到您网站的人是否代理了其他人的请求 您可以合理地实时执行的最佳操作是查找
X-FORWARDED-for$headers = apache_request_headers();
$forwarded = $headers['X-Forwarded-For'];
如果您假设每个IP地址对应于不同的人,那么您的假设是错误的。连接到internet的设备比可用IP多得多。学校里的每个人都有一个知识产权。大公司中的每个人通常都共享一个IP。每个AOL拨号用户共享几个IP。每个MSN拨号用户共享几个IP。您不应该依赖唯一的IP地址。很多人在工作或学校都在防火墙后面,所以一个ip并不意味着一台机器或一个用户
如果要标识用户、设置cookie或使用会话。问题是,如果您拥有合法的IP并包含此标头,并且使此标头优于IP,则会得到错误的结果
将两者分开存储可能是值得的。我不知道有什么防弹方法可以做到这一点,但这将是非常完整的:
if (get_ip_address() !== get_ip_address(true))
{
echo 'using proxy';
}
function get_ip_address($proxy = false)
{
if ($proxy === true)
{
foreach (array('HTTP_CLIENT_IP', 'HTTP_X_FORWARDED_FOR', 'HTTP_X_FORWARDED', 'HTTP_X_CLUSTER_CLIENT_IP', 'HTTP_FORWARDED_FOR', 'HTTP_FORWARDED') as $key)
{
if (array_key_exists($key, $_SERVER) === true)
{
foreach (array_map('trim', explode(',', $_SERVER[$key])) as $ip)
{
if (filter_var($ip, FILTER_VALIDATE_IP, FILTER_FLAG_IPV4 | FILTER_FLAG_IPV6 | FILTER_FLAG_NO_PRIV_RANGE | FILTER_FLAG_NO_RES_RANGE) !== false)
{
return $ip;
}
}
}
}
}
return $_SERVER['REMOTE_ADDR'];
}
我发现了一段取自PhpMyAdmin的代码,它使用PHP的一些可能性来检测代理和代理背后的IP。对我来说,这段代码运行了很多次,但不是100%。我把它贴在这里是为了你的测试和考虑 当确定透明代理后的强代理或用户IP时,返回FALSE 检查PhpMyAdmin的新版本以获取更新
function get_ip()
{
global $REMOTE_ADDR;
global $HTTP_X_FORWARDED_FOR, $HTTP_X_FORWARDED, $HTTP_FORWARDED_FOR, $HTTP_FORWARDED;
global $HTTP_VIA, $HTTP_X_COMING_FROM, $HTTP_COMING_FROM;
global $HTTP_SERVER_VARS, $HTTP_ENV_VARS;
// Get some server/environment variables values
if(empty($REMOTE_ADDR))
{
if(!empty($_SERVER)&&isset($_SERVER['REMOTE_ADDR']))
{
$REMOTE_ADDR = $_SERVER['REMOTE_ADDR'];
}
elseif(!empty($_ENV)&&isset($_ENV['REMOTE_ADDR']))
{
$REMOTE_ADDR = $_ENV['REMOTE_ADDR'];
}
elseif(!empty($HTTP_SERVER_VARS) && isset($HTTP_SERVER_VARS['REMOTE_ADDR']))
{
$REMOTE_ADDR = $HTTP_SERVER_VARS['REMOTE_ADDR'];
}
elseif(!empty($HTTP_ENV_VARS)&&isset($HTTP_ENV_VARS['REMOTE_ADDR']))
{
$REMOTE_ADDR = $HTTP_ENV_VARS['REMOTE_ADDR'];
}
elseif(@getenv('REMOTE_ADDR'))
{
$REMOTE_ADDR = getenv('REMOTE_ADDR');
}
} // end if
if(empty($HTTP_X_FORWARDED_FOR))
{
if(!empty($_SERVER) && isset($_SERVER['HTTP_X_FORWARDED_FOR']))
{
$HTTP_X_FORWARDED_FOR = $_SERVER['HTTP_X_FORWARDED_FOR'];
}
elseif(!empty($_ENV) && isset($_ENV['HTTP_X_FORWARDED_FOR']))
{
$HTTP_X_FORWARDED_FOR = $_ENV['HTTP_X_FORWARDED_FOR'];
}
elseif(!empty($HTTP_SERVER_VARS) && isset($HTTP_SERVER_VARS['HTTP_X_FORWARDED_FOR']))
{
$HTTP_X_FORWARDED_FOR = $HTTP_SERVER_VARS['HTTP_X_FORWARDED_FOR'];
}
elseif(!empty($HTTP_ENV_VARS) && isset($HTTP_ENV_VARS['HTTP_X_FORWARDED_FOR']))
{
$HTTP_X_FORWARDED_FOR = $HTTP_ENV_VARS['HTTP_X_FORWARDED_FOR'];
}
elseif(@getenv('HTTP_X_FORWARDED_FOR'))
{
$HTTP_X_FORWARDED_FOR = getenv('HTTP_X_FORWARDED_FOR');
}
} // end if
if(empty($HTTP_X_FORWARDED))
{
if(!empty($_SERVER) && isset($_SERVER['HTTP_X_FORWARDED']))
{
$HTTP_X_FORWARDED = $_SERVER['HTTP_X_FORWARDED'];
}
elseif(!empty($_ENV) && isset($_ENV['HTTP_X_FORWARDED']))
{
$HTTP_X_FORWARDED = $_ENV['HTTP_X_FORWARDED'];
}
elseif(!empty($HTTP_SERVER_VARS) && isset($HTTP_SERVER_VARS['HTTP_X_FORWARDED']))
{
$HTTP_X_FORWARDED = $HTTP_SERVER_VARS['HTTP_X_FORWARDED'];
}
elseif(!empty($HTTP_ENV_VARS) && isset($HTTP_ENV_VARS['HTTP_X_FORWARDED']))
{
$HTTP_X_FORWARDED = $HTTP_ENV_VARS['HTTP_X_FORWARDED'];
}
elseif(@getenv('HTTP_X_FORWARDED'))
{
$HTTP_X_FORWARDED = getenv('HTTP_X_FORWARDED');
}
} // end if
if(empty($HTTP_FORWARDED_FOR))
{
if(!empty($_SERVER) && isset($_SERVER['HTTP_FORWARDED_FOR']))
{
$HTTP_FORWARDED_FOR = $_SERVER['HTTP_FORWARDED_FOR'];
}
elseif(!empty($_ENV) && isset($_ENV['HTTP_FORWARDED_FOR']))
{
$HTTP_FORWARDED_FOR = $_ENV['HTTP_FORWARDED_FOR'];
}
elseif(!empty($HTTP_SERVER_VARS) && isset($HTTP_SERVER_VARS['HTTP_FORWARDED_FOR']))
{
$HTTP_FORWARDED_FOR = $HTTP_SERVER_VARS['HTTP_FORWARDED_FOR'];
}
elseif(!empty($HTTP_ENV_VARS) && isset($HTTP_ENV_VARS['HTTP_FORWARDED_FOR']))
{
$HTTP_FORWARDED_FOR = $HTTP_ENV_VARS['HTTP_FORWARDED_FOR'];
}
elseif(@getenv('HTTP_FORWARDED_FOR'))
{
$HTTP_FORWARDED_FOR = getenv('HTTP_FORWARDED_FOR');
}
} // end if
if(empty($HTTP_FORWARDED))
{
if(!empty($_SERVER) && isset($_SERVER['HTTP_FORWARDED']))
{
$HTTP_FORWARDED = $_SERVER['HTTP_FORWARDED'];
}
elseif(!empty($_ENV) && isset($_ENV['HTTP_FORWARDED']))
{
$HTTP_FORWARDED = $_ENV['HTTP_FORWARDED'];
}
elseif(!empty($HTTP_SERVER_VARS) && isset($HTTP_SERVER_VARS['HTTP_FORWARDED']))
{
$HTTP_FORWARDED = $HTTP_SERVER_VARS['HTTP_FORWARDED'];
}
elseif(!empty($HTTP_ENV_VARS) && isset($HTTP_ENV_VARS['HTTP_FORWARDED']))
{
$HTTP_FORWARDED = $HTTP_ENV_VARS['HTTP_FORWARDED'];
}
elseif(@getenv('HTTP_FORWARDED'))
{
$HTTP_FORWARDED = getenv('HTTP_FORWARDED');
}
} // end if
if(empty($HTTP_VIA))
{
if(!empty($_SERVER) && isset($_SERVER['HTTP_VIA']))
{
$HTTP_VIA = $_SERVER['HTTP_VIA'];
}
elseif(!empty($_ENV) && isset($_ENV['HTTP_VIA']))
{
$HTTP_VIA = $_ENV['HTTP_VIA'];
}
elseif(!empty($HTTP_SERVER_VARS) && isset($HTTP_SERVER_VARS['HTTP_VIA']))
{
$HTTP_VIA = $HTTP_SERVER_VARS['HTTP_VIA'];
}
elseif(!empty($HTTP_ENV_VARS) && isset($HTTP_ENV_VARS['HTTP_VIA']))
{
$HTTP_VIA = $HTTP_ENV_VARS['HTTP_VIA'];
}
elseif(@getenv('HTTP_VIA'))
{
$HTTP_VIA = getenv('HTTP_VIA');
}
} // end if
if(empty($HTTP_X_COMING_FROM))
{
if(!empty($_SERVER) && isset($_SERVER['HTTP_X_COMING_FROM']))
{
$HTTP_X_COMING_FROM = $_SERVER['HTTP_X_COMING_FROM'];
}
elseif(!empty($_ENV) && isset($_ENV['HTTP_X_COMING_FROM']))
{
$HTTP_X_COMING_FROM = $_ENV['HTTP_X_COMING_FROM'];
}
elseif(!empty($HTTP_SERVER_VARS) && isset($HTTP_SERVER_VARS['HTTP_X_COMING_FROM']))
{
$HTTP_X_COMING_FROM = $HTTP_SERVER_VARS['HTTP_X_COMING_FROM'];
}
elseif(!empty($HTTP_ENV_VARS) && isset($HTTP_ENV_VARS['HTTP_X_COMING_FROM']))
{
$HTTP_X_COMING_FROM = $HTTP_ENV_VARS['HTTP_X_COMING_FROM'];
}
elseif(@getenv('HTTP_X_COMING_FROM'))
{
$HTTP_X_COMING_FROM = getenv('HTTP_X_COMING_FROM');
}
} // end if
if(empty($HTTP_COMING_FROM))
{
if(!empty($_SERVER) && isset($_SERVER['HTTP_COMING_FROM']))
{
$HTTP_COMING_FROM = $_SERVER['HTTP_COMING_FROM'];
}
elseif(!empty($_ENV) && isset($_ENV['HTTP_COMING_FROM']))
{
$HTTP_COMING_FROM = $_ENV['HTTP_COMING_FROM'];
}
elseif(!empty($HTTP_COMING_FROM) && isset($HTTP_SERVER_VARS['HTTP_COMING_FROM']))
{
$HTTP_COMING_FROM = $HTTP_SERVER_VARS['HTTP_COMING_FROM'];
}
elseif(!empty($HTTP_ENV_VARS) && isset($HTTP_ENV_VARS['HTTP_COMING_FROM']))
{
$HTTP_COMING_FROM = $HTTP_ENV_VARS['HTTP_COMING_FROM'];
}
elseif(@getenv('HTTP_COMING_FROM'))
{
$HTTP_COMING_FROM = getenv('HTTP_COMING_FROM');
}
} // end if
// Gets the default ip sent by the user
if(!empty($REMOTE_ADDR))
{
$direct_ip = $REMOTE_ADDR;
}
// Gets the proxy ip sent by the user
$proxy_ip='';
if(!empty($HTTP_X_FORWARDED_FOR))$proxy_ip = $HTTP_X_FORWARDED_FOR;
elseif(!empty($HTTP_X_FORWARDED))$proxy_ip = $HTTP_X_FORWARDED;
elseif(!empty($HTTP_FORWARDED_FOR))$proxy_ip = $HTTP_FORWARDED_FOR;
elseif(!empty($HTTP_FORWARDED))$proxy_ip = $HTTP_FORWARDED;
elseif(!empty($HTTP_VIA))$proxy_ip = $HTTP_VIA;
elseif(!empty($HTTP_X_COMING_FROM))$proxy_ip = $HTTP_X_COMING_FROM;
elseif(!empty($HTTP_COMING_FROM))$proxy_ip = $HTTP_COMING_FROM;
// Returns the true IP if it has been found, else FALSE
if (empty($proxy_ip))
{
// True IP without proxy
return $direct_ip;
}
else
{
$is_ip = ereg('^([0-9]{1,3}\.){3,3}[0-9]{1,3}', $proxy_ip, $regs);
if($is_ip && (count($regs) > 0))
{
// True IP behind a proxy
return $regs[0];
}
else
{
// Can't define IP: there is a proxy but we don't have
// information about the true IP
return FALSE;
}
} // end if... else...
}
internet上有几种类型的代理,一些代码无法检测到所有代理。VPN、web代理、Tor和开放代理是一些常规工具无法始终检测到的代理的示例。处理和检测这些不同代理的最佳方法是使用这些代理地址的更新黑名单。一个例子是 添加到.htaccess
RewriteEngine on
RewriteCond %{HTTP:VIA} !^$ [OR]
RewriteCond %{HTTP:FORWARDED} !^$ [OR]
RewriteCond %{HTTP:USERAGENT_VIA} !^$ [OR]
RewriteCond %{HTTP:X_FORWARDED_FOR} !^$ [OR]
RewriteCond %{HTTP:PROXY_CONNECTION} !^$ [OR]
RewriteCond %{HTTP:XPROXY_CONNECTION} !^$ [OR]
RewriteCond %{HTTP:HTTP_PC_REMOTE_ADDR} !^$ [OR]
RewriteCond %{HTTP:HTTP_CLIENT_IP} !^$
RewriteRule ^(.*)$ - [F]
嗨,丹,谢谢你的评论。老实说,我并不期待一个完美的解决方案,我知道这是遥不可及的。但是任何有帮助的都会很好。你能给我一个检测头的示例代码吗?再次感谢。+1是的,并且有一些很好的信息。是的,许多人共享相同的IP,但是他们同时访问你的网站的机会几乎为零。如果你有一个很好的商业理由通过IP阻止代理,我会这么做当你说你“使用唯一的IP地址”你的意思是你假设每个IP地址代表一个唯一的用户?如果是这样的话,那就别再假设了,你绝对无法确保每个用户都有一个唯一的IP。使用Cookie是给每个用户(机器上的每个浏览器)一个唯一的ID的真正方法。谢谢Byron,我使用会话为我的用户,但这是为了跟踪位置。我得到了一个错误(解析错误:语法错误,意外的T_AS)@Alexwhin:我漏掉了一个括号,现在已修复。似乎什么都没做,使用代理除了常规浏览之外什么都没显示:/@Alexwhin:它不应该“显示”任何内容,请使用第一个代码段重试。@Alix我尝试添加了一个echo,但它似乎没有显示任何内容:/如何调用函数?或显示输出。返回值的类型/结构与
$\u SERVER['REMOTE\u ADDR']$\u SERVER['REMOTE\u ADDR']=get\u ip()