How to Prevent websites from being accessed by malicious reverse proxy (website image protection)

Source: Internet
Author: User
Recently, someone used small-site data and reverse proxy technology to create a thief station. The user accesses his website, but the content data is actually mine. This is a malicious reverse proxy event.

Recently, someone used small-site data and reverse proxy technology to create a thief station. The user accesses his website, but the content data is actually mine. This is a malicious reverse proxy event.

What is reverse proxy?

First, let's talk about the concept of forward Proxy:

A forward proxy, the legendary proxy, works like a stepping stone. Simply put, I am a user and cannot access a website, but I can access a proxy server. This proxy server, he can access the website that I cannot access, So I first connected to the proxy server and told him that I needed the content that could not access the website and the proxy server went back, then return it to me. From the perspective of a website, a record is recorded only when the proxy server obtains the content. Sometimes it is not known that it is a user's request, and it also hides the user's information, the reason is that the agent does not tell the website.

The conclusion is that the forward proxy is a server located between the client and the origin server. To get content from the origin server, the client sends a request to the proxy and specifies the target (the original server). Then, the proxy transfers the request to the original server and returns the obtained content to the client. The client must make some special settings to use the forward proxy.

What is the concept of reverse proxy?

For example, if a user visits this page but does not actually have this page, he secretly retrieves it from another server and then sends it to the user as his content.

However, users do not know, which is normal and generally stupid. The server corresponding to the domain name mentioned here sets the reverse proxy function.

The conclusion is that reverse proxy is the opposite. for a client, it is like an original server, and the client does not need to perform any special settings. The client sends a common request to the content in the namespace (name-space) of the reverse proxy, and then the reverse proxy determines where (original server) to transfer the request, and return the obtained content to the client, just as the content is originally its own.

Dangers of malicious reverse proxy

What are the dangers of website malicious reverse proxy? Here is a list:

• The server resources will be occupied first, and the website opening speed will be affected.
• If someone else steals your website data through proxy, it is equivalent to building a site identical to yours for users and less intelligent search engines, it is very likely that your site will enter the search engine sandbox, or even be downgraded.
• If Your webpage is maliciously represented and your federated advertisement (such as Adsense) is mounted, it is very dangerous. If someone clicks the advertisement above, it is easily blocked by Adsense.
• There are still many dangers, so readers can make up their own brains ......

Js-level solutions

The Code is as follows:


Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.