PHP - Referer 重定向脚本
声明:本页面是StackOverFlow热门问题的中英对照翻译,遵循CC BY-SA 4.0协议,如果您需要使用它,必须同样遵循CC BY-SA许可,注明原文地址和作者信息,同时你必须将它归于原作者(不是我):StackOverFlow
原文地址: http://stackoverflow.com/questions/857427/
Warning: these are provided under cc-by-sa 4.0 license. You are free to use/share it, But you must attribute it to the original authors (not me):
StackOverFlow
PHP - Referer redirect script
提问by bumperbox
Often, when searching for answers, I have found that certain websites will allow you to read the information they offer if the referer is, for example, google.com. Yet, if you link directly to the information, it will be unavailable.
通常,在搜索答案时,我发现某些网站会允许您阅读他们提供的信息,例如,如果引用者是 google.com。但是,如果您直接链接到该信息,它将不可用。
What I am looking for is the smallest PHP script that will set a referer of my choice, and a destination, like so:
我正在寻找的是最小的 PHP 脚本,它将设置我选择的引用和目的地,如下所示:
http://example.com/ref_red.php?referer=http://google.com/&end=http://example.net/
Notes:
笔记:
- ref_red.phpis the name of the script on my example.
- refererand endshould accept http, https, ftp.
- refererand endcan contain an URI of any type, as simple as http://end.comor as complicated as:
http://example.com/some/rr/print.pl?document=rr, for example.
- ref_red.php是我示例中脚本的名称。
- referer和end应该接受http, https, ftp。
- referer和end可以包含任何类型的 URI,例如简单如http://end.com或复杂如:
http://example.com/some/rr/print.pl?document=rr。
NOTE:As recommended on a reply, I am adding this. The script isn't a full proxy per se. Only initial HTTP request would be proxied(not subsequent requests like images,etc) for the sole purposeof setting the referer.
注意:按照回复中的建议,我正在添加此内容。该脚本本身并不是一个完整的代理。只有初始 HTTP 请求会被代理(而不是后续请求,如图像等),其唯一目的是设置referer。
回答by bumperbox
this function should give you a starting point it will fetch any http url with the specified referrer
此函数应该为您提供一个起点,它将获取具有指定引用者的任何 http url
handling the query parms should be pretty trivial, so i will leave that part for you to do
处理查询参数应该很简单,所以我会把那部分留给你去做
<?php
echo geturl('http://some-url', 'http://referring-url');
function geturl($url, $referer) {
$headers[] = 'Accept: image/gif, image/x-bitmap, image/jpeg, image/pjpeg,text/html,application/xhtml+xml';
$headers[] = 'Connection: Keep-Alive';
$headers[] = 'Content-type: application/x-www-form-urlencoded;charset=UTF-8';
$useragent = 'Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 1.0.3705; .NET CLR 1.1.4322; Media Center PC 4.0)';
$process = curl_init($url);
curl_setopt($process, CURLOPT_HTTPHEADER, $headers);
curl_setopt($process, CURLOPT_HEADER, 0);
curl_setopt($process, CURLOPT_USERAGENT, $useragent);
curl_setopt($process, CURLOPT_REFERER, $referer);
curl_setopt($process, CURLOPT_TIMEOUT, 30);
curl_setopt($process, CURLOPT_RETURNTRANSFER, 1);
curl_setopt($process, CURLOPT_FOLLOWLOCATION, 1);
$return = curl_exec($process);
curl_close($process);
return $return;
}
?>
回答by jbasko
You can use one of the services available on Internet which allow hiding referrers (by setting their address), but you cannot impose a specific referrer that ain't the actual referrer. The user must actually be redirected to that website (which will appear as a referrer) before he is redirected to the target website.
您可以使用 Internet 上提供的一项服务,该服务允许隐藏引荐来源网址(通过设置其地址),但您不能强加一个不是实际引荐来源网址的特定引荐来源网址。在将用户重定向到目标网站之前,必须将用户实际重定向到该网站(将显示为引用者)。
One of such services: http://linkanon.com
其中一项服务:http: //linkanon.com
edit:
编辑:
Since you changed your question now, my comment about writing a user agent in PHP which acts like a proxy, applies, but then this gets close to a criminal activity, because you will be displaying a third party website to a user who might think that she is in the actual website, while in fact she will have loaded your content (the content you have passed on). To perform this close-to-criminal activity (you are one step away from trying to read a username and password), you load the third party's website content with PHP by using your own written user agent which specifies the fake referrer and simply passes the output to visitor of your website. The function in PHP which lets one send HTTP headers, is header($header):
既然你现在改变了你的问题,我关于用 PHP 编写一个像代理一样的用户代理的评论适用,但是这接近犯罪活动,因为你将向可能认为的用户显示第三方网站她在实际网站中,而实际上她将加载您的内容(您传递的内容)。为了执行这种接近犯罪的活动(您离尝试读取用户名和密码仅一步之遥),您通过使用您自己的书面用户代理,使用 PHP 加载第三方的网站内容,该代理指定了假推荐人并简单地传递输出到您网站的访问者。PHP 中允许发送 HTTP 标头的函数是 header($header):
header("Referer: http://example.org");
Instead of shouting at people who try to help, you could try to read HTTP (that's the protocol according to which the world turns around) specification regarding Referer header: http://www.w3.org/Protocols/rfc2616/rfc2616-sec14.html(See Section 14.36).
您可以尝试阅读有关 Referer 标头的 HTTP(这是世界转向的协议)规范,而不是对试图提供帮助的人大喊大叫:http: //www.w3.org/Protocols/rfc2616/rfc2616-sec14 .html(参见第 14.36 节)。
You also might want to read http://en.wikipedia.org/wiki/Referrer_spoofingwhere you can see that it's all about client side. PHP is server side. All you can do is try to write a client code (Javascript) generated by PHP, but if you have any luck, then you're breaking into user's world.
您可能还想阅读http://en.wikipedia.org/wiki/Referrer_spoofing,在那里您可以看到这一切都与客户端有关。PHP是服务器端。您所能做的就是尝试编写由 PHP 生成的客户端代码 (Javascript),但如果运气好的话,那么您就闯入了用户的世界。
回答by Adam Wright
The referer is set by your browser, not by any server side mechanism. You could, I guess, construct a proxy in PHP that makes the request of the remote server and sets the referer header appropriately. It seems more useful to just use a Firefox plugin, e.g. http://www.stardrifter.org/refcontrol/.
引用由您的浏览器设置,而不是由任何服务器端机制设置。我想,您可以在 PHP 中构建一个代理,以发出远程服务器的请求并适当地设置引用标头。只使用 Firefox 插件似乎更有用,例如http://www.stardrifter.org/refcontrol/。
Edit: I'd reword your question to make it clear you want to write a PHP proxy, with a custom referrer header. I'd probably just modify something like http://sourceforge.net/projects/poxy/to take the referrer parameter and pass it on.
编辑:我会改写您的问题,以明确您要编写一个带有自定义引用标头的 PHP 代理。我可能只是修改类似的东西http://sourceforge.net/projects/poxy/获取引用参数并将其传递。
Edit again: You may be clear on what you're asking, but asking for the impossible doesn't make it possible. The browser is responsible for setting the referrer header; it uses the URI that caused it to redirect to a new resource. You're asking for a script that says "Please visit http://example.net, but pretend that I'm actually www.foo.com when you do so". There is no mechanism for the server to instruct the browser to "lie" about where it came from.
再次编辑:您可能很清楚自己在问什么,但要求不可能的事情并不能使它成为可能。浏览器负责设置referrer header;它使用导致它重定向到新资源的 URI。您需要一个脚本,上面写着“请访问http://example.net,但在您这样做时假装我实际上是 www.foo.com”。服务器没有任何机制来指示浏览器“撒谎”它来自哪里。
I suppose it may be possible via some convoluted JavaScript hacking, but it would be hacking in the black hat sense - a web site being able to force a browser to spoof the referrer would be a real security hole.
我想通过一些复杂的 JavaScript 黑客攻击可能是可能的,但这将是黑帽意义上的黑客攻击 - 一个能够强制浏览器欺骗引用者的网站将是一个真正的安全漏洞。
