小贝子编程

检查用户请求我的网站正在使用 URL 访问或脚本 src |链接 HREF 请求



现在我正在制作自己的东西,就像 Rawgit 一样工作,以防万一 Rawgit 关闭

这是我的PHP代码

<?php
$urlquery = $_SERVER['QUERY_STRING'];
$fullurl = 'http://' . $_SERVER['SERVER_NAME'] . $_SERVER['REQUEST_URI'];
$code = file_get_contents($urlquery);
echo $code;
 ?>

此代码是某种脚本 src | 样式链接请求的工作查找

但是当我尝试这样的一些

<?php
$urlquery = $_SERVER['QUERY_STRING'];
$fullurl = 'http://' . $_SERVER['SERVER_NAME'] . $_SERVER['REQUEST_URI'];
$code = file_get_contents($urlquery);

echo '<code style="word-wrap: break-word; white-space: pre-wrap;">'.$code.'</code>'
 ?>

从 URL 请求看起来不错,但从脚本 src | styel 链接请求中不起作用

我在想的是,一种检查用户正在使用 URL 或某些请求

的方法看起来像这样 
<?php
$urlquery = $_SERVER['QUERY_STRING'];
$fullurl = 'http://' . $_SERVER['SERVER_NAME'] . $_SERVER['REQUEST_URI'];
$code = file_get_contents($urlquery);
echo $code;
if ( user is form URL visiting my site ) {
  echo '<code style="word-wrap: break-word; white-space: pre-wrap;">'.$code.'</code>'
}else {
  //User is scripting
  echo $code
}
 ?>
您可以使用

$_SERVER['HTTP_ACCEPT'] 检查请求是否来自脚本 SRC

如果直接或不直接 src 标头将如下所示:

Host: localhost
Connection: keep-alive
Cache-Control: max-age=0
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36     (KHTML, like Gecko) Chrome/52.0.2743.24 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8
DNT: 1
Accept-Encoding: gzip, deflate, sdch
Accept-Language: en-US,en;q=0.8
Cookie: __utma=111872281.760768228.1462861525.1462861525.1462882676.2; __utmz=111872281.1462861525.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none)

如果来自 SRC 将如下所示:

Host: localhost
Connection: keep-alive
Cache-Control: max-age=0
User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36     (KHTML, like Gecko) Chrome/52.0.2743.24 Safari/537.36
Accept: */*
DNT: 1
Referer: http://localhost/b/jwplayer/test.txt.html
Accept-Encoding: gzip, deflate, sdch
Accept-Language: en-US,en;q=0.8
Cookie: __utma=111872281.760768228.1462861525.1462861525.1462882676.2; __utmz=111872281.1462861525.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none)

这是在Firefox和Chrome上测试的。

差异来自标头接受:

直接将"Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8"

来自SRC将" */*

来自 CSS href " text/css,*/*;q=0.1 "

所以你可以使用脚本:

<?php
$acceptheader=explode(',',$_SERVER['HTTP_ACCEPT']);
if(in_array("text/html", $acceptheader)){
    echo '<pre class="prettyprint">var variable="i am direct & not from SRC";</pre>';
}else{
    echo 'var variable="i am from SRC";';
}

不要忘记添加标头('内容类型:mime');在Chrome上,CSS href 将无法使用设置标头"text/css"。

相关内容

最新更新


热门标签:

javascript python java c# php android html jquery c++ css ios sql mysql arrays asp.net json python-3.x ruby-on-rails .net sql-server django objective-c excel regex ruby linux ajax iphone xml vba spring asp.net-mvc database wordpress string postgresql wpf windows xcode bash git oracle list vb.net multithreading eclipse algorithm macos powershell visual-studio image forms numpy scala function api selenium