问题
I have used the below code from link to detect the browser is TOR or not.
Code
But when the server is hosted on AWS, we didn't get the exact $_SERVER['SERVER_ADDR'] as the AWS is providing the private ip of machine or load balancer ips.
So is there any way to detect the AWS private ips from the TOR exit list to detect whether the user is using the TOR browser or not.
回答1:
First to make that code work properly, you have to get the actual client IP. That data in sent to your client via the x-forwarded-for header:
From HTTP Headers and Classic Load Balancers:
The X-Forwarded-For request header helps you identify the IP address of a client when you use an HTTP or HTTPS load balancer. Because load balancers intercept traffic between clients and servers, your server access logs contain only the IP address of the load balancer. To see the IP address of the client, use the X-Forwarded-For request header. Elastic Load Balancing stores the IP address of the client in the X-Forwarded-For request header and passes the header to your server.
For more information on how to detect Tor exit nodes, see Tor DNS Exit List:
It is useful for a variety of reasons to determine if a connection is coming from a Tor node. Early attempts to determine if a given IP address was a Tor exit used the directory to match IP addresses and exit policies. This approach had a number of drawbacks, including false negatives when a Tor router exits traffic from a different IP address than its OR port listens on. The Tor DNS-based Exit List was designed to overcome these problems and provide a simple interface for answering the question: is this a Tor exit?
来源:https://stackoverflow.com/questions/48424391/how-to-detect-user-using-the-tor-broswer-using-private-load-balancer-ips-of-aws