How to prevent a site from being accessed by a malicious reverse proxy _php Tutorial

Source: Internet
Author: User
Recently someone took the data from my small site and, using reverse proxy technology, set up a thief site. Users access his URL, but the content they get is essentially mine. This is a malicious reverse proxy incident.

What is a reverse proxy?

First, the concept of the forward proxy. The forward proxy, the proverbial "proxy", works like a springboard. Simply put: I am a user who cannot access a certain website, but I can access a proxy server. The proxy server can access the site that I cannot, so I first connect to the proxy server and tell it which content I need from that site; the proxy server fetches it and passes it back to me. From the site's point of view, there is a record only of the proxy server fetching the content; sometimes the site does not know that the request came from a user, and the user's information is hidden as well, depending on whether the proxy tells the site.

In short, a forward proxy is a server that sits between the client and the origin server. To get content from the origin server, the client sends a request to the proxy and names the target (the origin server); the proxy then forwards the request to the origin server and returns the content it obtains to the client. The client must make some special settings to use a forward proxy.

So what about the reverse proxy? For example, a user visits the page http://www.nowamagic.net/librarys/veda, but www.nowamagic.net does not actually have this page; it secretly fetches the page from another server and serves it to the user as its own content. The user does not know this, which is normal; the user is generally very stupid. The www.nowamagic.net mentioned here is a domain name whose server has the reverse proxy function configured.

In short, a reverse proxy is just the opposite: to the client it looks like the origin server, and the client does not need to make any special settings.
The client sends a normal request for content in the reverse proxy's namespace, and the reverse proxy decides where (to which origin server) to forward the request and returns the obtained content to the client, as if the content were its own.

The harm of a malicious reverse proxy

What harm does a malicious reverse proxy do to a site? Here are some examples:

• First of all, it takes up server resources, so the site opens more slowly.
• Second, other people steal your website data through the proxy. For users, and for search engines that are not so smart, this is equivalent to someone building a site exactly the same as yours, so your site is likely to be put into the search engine sandbox, or even have its ranking reduced.
• If the malicious proxy's page still carries your affiliate ads (such as AdSense), it is dangerous: if someone clicks on those ads, your AdSense account can easily get banned.
• There are many other hazards; readers can fill in the rest themselves ...

JS-level solution

The script is simple: if the host in the address bar is neither nowamagic.net nor www.nowamagic.net, it sends the address bar to http://www.nowamagic.net/. This code also keeps reverse proxy technology from being used to "forge" a website that is exactly the same as yours.

Off-topic: how to prevent a site from being embedded in an IFRAME

Some people use an IFRAME to build a frame and embed our site in it, so that visitors browsing it seem to be browsing his own site. How can this be solved? A script on the page can break out of such a frame.

PHP-level solution

The JS-level solution can send the malicious proxy page back to the real site, but it is not friendly to search engines. Here is the server-side (PHP) solution. The code is relatively simple, so there is not much to say. The code is as follows:

    // Fragment of a controller class: run this check before any output is sent.
    $proxy_rs = $this->proxy_filter();
    // Reject the request only if the host matches NEITHER allowed name
    // (with || the condition is always true and every request is redirected).
    if ($proxy_rs != 'nowamagic.net' && $proxy_rs != 'www.nowamagic.net') {
        // header() must come before any output, so the message follows it.
        header('Location: http://www.nowamagic.net/');
        echo 'Illegal reverse proxy access';
        exit;
    }

    public function proxy_filter()
    {
        /*
        $svrUrl = 'http://' . $_SERVER['SERVER_NAME'] . $_SERVER["PHP_SELF"];
        if (!empty($_SERVER["QUERY_STRING"])) {
            $svrUrl .= "?" . $_SERVER["QUERY_STRING"];
        }
        return $svrUrl;
        */
        // Host name under which this request is being served.
        return $_SERVER['SERVER_NAME'];
    }

htaccess-level solution

The htaccess code is as follows:

    RewriteEngine On
    RewriteBase /
    php_value auto_append_file proxy.php

The check itself goes in proxy.php. Because of the particularities of my website I have not tried this, but it is a method commonly used online.

Apache httpd.conf-level solution

I have not yet worked out how to block this in Apache. Nginx can do it, but I use Apache; if you know how, please tell me.
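The JS-level host check and the frame break-out described above, written out as an added example; it is not the article's original script, which is not reproduced on this page. It goes slightly beyond the article by keeping the requested path instead of always redirecting to the home page, and the names `decide` and `enforce` are chosen here for illustration.

```javascript
// Added example. Host names and target site are the ones named in the article.
const ALLOWED_HOSTS = new Set(["nowamagic.net", "www.nowamagic.net"]);
const CANONICAL_ORIGIN = "http://www.nowamagic.net";

// Normalise a host name: lower-case it and drop a trailing root dot.
function normaliseHost(hostname) {
  return String(hostname || "").toLowerCase().replace(/\.$/, "");
}

// Decide what the page should do, without side effects.
// `win` is a window-like object: { location, top, self }.
function decide(win) {
  const loc = win.location;
  const target = CANONICAL_ORIGIN + (loc.pathname || "/") + (loc.search || "");
  if (!ALLOWED_HOSTS.has(normaliseHost(loc.hostname))) {
    // Served under a foreign name: go to the same path on the real site.
    return { action: "redirect-self", url: target };
  }
  if (win.top !== win.self) {
    // Embedded in someone's frame: replace the outermost document.
    return { action: "break-frame", url: target };
  }
  return { action: "none", url: null };
}

// Apply the decision. replace() keeps the proxy URL out of the history.
function enforce(win) {
  const d = decide(win);
  if (d.action === "redirect-self") win.location.replace(d.url);
  if (d.action === "break-frame") win.top.location.replace(d.url);
  return d;
}

// Run automatically only in a browser.
if (typeof window !== "undefined") enforce(window);
```

A proxy that rewrites or strips scripts defeats this check, so it supplements the server-side check rather than replacing it. For framing, the `X-Frame-Options` or `Content-Security-Policy: frame-ancestors` response headers let the browser refuse the embed without relying on script.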
