Suppose I have a proxy IP address, but no infos about it.
Is this possible to know from scratch which kind of proxy it is (distant webservers doesn't know I'm behind a proxy, distant webservers know I'm behind a proxy but doesn't know my IP, distant webservers know both infos)?
Is there a simple test to verify which infos are known about me when I'm navigating?
[edit]
If someone has a simple answer like "no because [etc]", he's welcomed. My first question is "is it feasable".
Lagado Proxy Text mentioned by Joshua Drake in comments works, so it is feasible. The important thing is now to learn how does it work.
Its operation is pretty simple: just be a website. So if you can afford to set up a website which will do exactly the same and will cope with all the traffic you're going to send to it, the problem is solved.
What should such a website do? Check for headers sent by client. The relevant ones are mentioned on the Lagado's page: Via, Forwarded, X-Forwarded-For and Client-ip.
The rest should be easy.
And answering your second question: see BrowserSpy.
Related
I will try and keep this as short as possible, although I may be leaving some things out, due to inexperience and/or lack of knowledge.
I have successfully been able to redirect from Website A to Website B, much like what was illustrated in the link C# - HttpWebResponse redirect to external URL (Thank You to everyone involved, this was very helpful)
The only problem is, that in Website B, after the redirection seems to have been successful, the system seems to ignore what happened , and redirect again back to it's Default home controller index Get Action result, and continues to Log in as if the Redirection never took place. I have removed everything that may cause this, in my opinion, like Attributes to check authentication etc.
Any help in this regard will be much appreciated.
According to your reference link( https://stackoverflow.com/questions/27503986/c-sharp-httpwebresponse-redirect-to-external-url), they try to create a single-sign-on system. Because they have 2 websites. The question of this link that how can they solve this problem with HtppWebRequest class. This is not possible ofcourse.
If you look at the answer section that I added on image, Author offer to use cookie sharing.
What is the correct solution to share authanctication info between different web site?
You should search about on Single Sing On Authantication methods.
Here is a few clue
OAuth(Google, Facebook)
SAML Protocol
JWt
may Jwt a bit hard way ;)
We've now got plenty of sites which all use a log4net base error loging framework and we receive error from site from anywhere it append. We've notice that some of them catch error because of "Bot" like google, bing, yahoo, etc. But there's a things we've not sure about how to resolve. I've two questions about it :
Is "Java/1.6.0_24" a Bot? Because the user-agent of my question #2 is about this.
The "Java/1.6.0_24" still calling subfolder on our site that just do not exists! Like, if we have a page called "Page1.aspx", instead of calling "~/Page1.aspx", he calls it "~/minisite/Page1.aspx". How can I tell him he's wrong? Is there a way to do it?
Thanks you
It's most likely a bot but it could as well be some kind of browser based on Java that sends that user-agent string - you can't trust it 100% but it can give you an estimate idea of what the connecting entity is. Depending on the kind of bot it might as well just ignore your robots.txt so I'd just impement some handling stuff somewhere.
Did those folders ever exist? If so, you could use HTTP's permanent redirect (code 301) to tell him to no longer look there - however that doesn't guarantee it will do so.
I am trying to get the IP address of the request coming in from the httpheader. If value is x do something, if not do somthing else. Can anyone help me out?
Does this help? it seems pretty straight forward.
From the link, there are a few different ways:
HttpContext.Current.Request.UserHostAddress;
HttpContext.Current.Request.ServerVariables["REMOTE_ADDR"];
HttpContext.Current.Request.ServerVariables["HTTP_X_FORWARDED_FOR"];
You might want to look here. The HTTP standards do not define the source address as part of the protocol. Infact HTTP does not directly relate to IPv4 /IPv6 at all.
Generally, a webserver will easily be able to tell the network address of the other end of the socket ( the end where the web browser is ). It does not use HTTP to do this, rather it will use features of the OS's networking stack.
In the case of ASP.NET you should be able to find the IP address where the request came from. You might try looking at System.Web.HttpRequest.UserHostAddress
If you go to whatismyipaddress.com using a public proxy, it will report your proxy ip, but it will also (usually) report that you're using a proxy, and your originating IP as well in many cases.
How does it do this?
Similar sites like Gmail and Craigslist can tell if the computers connecting to them are proxy servers as well.
I have a site with data that is free to browse 200x/day/ip, but I'd like to protect it from harvesting by people using proxies.
Any tips or insights into how this is accomplished are appreciated.
Please check this SO thread. It explains how to do it. It is tagged for PHP but I think the idea remains same here.
**EDIT :**I am duplicating the accepted answer here for reference :
TOR does not supply any server headers
such as X_FORWARDED_FOR, so your best
bet is to use a list of all known exit
nodes. A list can be found at
https://torstat.xenobite.eu/.
For other proxies, you can look at
server headers. Possible server
headers of interest include:
HTTP_VIA
HTTP_X_FORWARDED_FOR
HTTP_FORWARDED_FOR
HTTP_X_FORWARDED
HTTP_FORWARDED
HTTP_CLIENT_IP
HTTP_FORWARDED_FOR_IP
VIA
X_FORWARDED_FOR
FORWARDED_FOR
X_FORWARDED
FORWARDED
CLIENT_IP
FORWARDED_FOR_IP
HTTP_PROXY_CONNECTION
In PHP, you can get the value of these
fields in the $_SERVER[] superglobal.
Is there a way to add a custom prefix/URI that is not http or https? The HTTPListener.Prefixes.Add method only accepts http:// and https:// prefixes.
I just don't want to recreate the functionality of this class if I don't have to.
What did you have in mind? Mainly, I doubt it; besides, it will still only handle http[s], so why confuse things with a different scheme name? You can listen on a different port by adding it to the prefix list (eg "http://127.0.0.1:90/"), though. If a client connects on that port using the correct protocol (http vs https) then it would probably work - you'd just have a lot of work to do at the client to tell it how to handle that scheme.
I'm not sure I see a point, to be honest...