php “x-power by”是什么意思?
声明:本页面是StackOverFlow热门问题的中英对照翻译,遵循CC BY-SA 4.0协议,如果您需要使用它,必须同样遵循CC BY-SA许可,注明原文地址和作者信息,同时你必须将它归于原作者(不是我):StackOverFlow
原文地址: http://stackoverflow.com/questions/33580671/
Warning: these are provided under cc-by-sa 4.0 license. You are free to use/share it, But you must attribute it to the original authors (not me):
StackOverFlow
What does "x-powered by" mean?
提问by Ali Mohyudin
I'm just curious to know what "x-powered by" means when we try to find the Web Server Information about some website.
我只是想知道当我们尝试查找有关某个网站的 Web 服务器信息时,“x-powered by”是什么意思。
What I'm trying:
我正在尝试什么:
Actually I'm trying to find out what technologies different websites are using. But the confusion is created when "Web Server Information" for one particular website is showing x-powered-by: ZendServer 8.5.0,ASP.NETwhich is showing ZendServerthat is for phpand ASP.NETthat is opposite(technology) to php.
The bad question that comes in my mind after seeing this information of x-powered-byis "Are they using both at a time?"
实际上,我试图找出不同网站使用的技术。但混乱时创建的“Web服务器信息”的一个特定的网站显示x-powered-by: ZendServer 8.5.0,ASP.NET该图是ZendServer这是php和ASP.NET是相反的(技术)到PHP。看到这些信息后,我想到的坏问题x-powered-by是“他们是否同时使用两者?”
回答by rawb
"X-Powered-By" is a common non-standard HTTP response header (most headers prefixed with an 'X-' are non-standard). It's often included by default in responses constructed via a particular scripting technology.
“X-Powered-By”是一个常见的非标准 HTTP 响应标头(大多数以“X-”为前缀的标头都是非标准的)。它通常默认包含在通过特定脚本技术构建的响应中。
It's important to note that it it can be disabled and/or manipulated by the server. Some servers chose not to include it or even to provide misleading information to throw off hackers that might target a particular technology/version.
重要的是要注意它可以被服务器禁用和/或操纵。一些服务器选择不包含它,甚至提供误导性信息以避开可能针对特定技术/版本的黑客。
If I wanted to send out that response header in a PHP script it's as simple as including the following code:
如果我想在 PHP 脚本中发送该响应头,它就像包含以下代码一样简单:
header('x-powered-by: ZendServer 8.5.0,ASP.NET');
header('x-powered-by: ZendServer 8.5.0,ASP.NET');
It cannot necessarily be trusted. The server in question could very well be using some combination of technologies you mentioned, or perhaps neither. It can be a helpful start, but there is no way to definitively tell what scripting software is being used on a server simply from an HTTP response.
它不一定是可信的。有问题的服务器很可能使用了您提到的某种技术组合,或者两者都不使用。这可能是一个有用的开始,但无法仅从 HTTP 响应中明确地判断服务器上正在使用什么脚本软件。
回答by Richard
It – like all headers – is sent by the server (including any web application running on that server). Or it could be set by an intermediate proxy.
它与所有标头一样由服务器发送(包括在该服务器上运行的任何 Web 应用程序)。或者它可以由中间代理设置。
X-Powered-Byis set by various servers to say what kind of server it is.
X-Powered-By由各种服务器设置来说明它是哪种服务器。
Software installed on that server might override the server's default.
该服务器上安装的软件可能会覆盖服务器的默认设置。
There is an argument that giving this information to clients gives information that can only serve to help attackers (just a little bit: saves working out what kind of server).
有一种观点认为,将这些信息提供给客户端所提供的信息只能帮助攻击者(只是一点点:节省了确定哪种服务器的工作)。
Summary: set by server, at best informational, at worst could make attacks a tiny bit easier.
总结:由服务器设置,充其量是信息性的,最坏的情况是可以使攻击更容易一点。
