浏览器和程序化 http 请求之间是否有任何可检测到的差异
有没有办法从标头或其他数据判断请求是来自浏览器还是非浏览器程序?
Is there any way to tell from headers or other data, whether a request is from a browser or non-browser program?
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(2)
浏览器是一个编程式的HTTP请求。
它只是碰巧有一个用户在它前面。
不过,某些编程式 HTTP 请求不会包含
User-Agent
标头。您可以做一些奇特的事情,例如使用 Javascript 发送记录的鼠标移动并以统计方式检查它们,并且非浏览器客户端可以模拟它们。
或者您可以只使用验证码。
The browser is a programmatic HTTP request.
It just happens to have a user in front of it.
Some programmatic HTTP requests won't include a
User-Agent
header, though.You could do something fancy, such as sending recorded mouse movements using Javascript and checking them statistically, and the non-browser client can simulate them.
Or you could just use a CAPTCHA.
您可以通过检查用户代理和引荐来源网址进行不可靠的猜测,但这两者都很容易被欺骗。
最好的方法是使用某种形式的验证码。这就是他们要做的事情,区分人类和自动化行为。
You could unreliably guess by inspecting user agent and referrer, but both are easily spoofed.
Best way is to use some form of CAPTCHA. That is what they were made to do, differentiate between humans and automated actions.