如何不允许PHP中的cURL访问本地地址?

问题描述 投票:0回答:1

我已经设置了一个在线php curl http标头检索器。

如何运作:用户转到URL https://www.example.com/header/,然后有一个输入字段,用户可以在其中输入域名。然后单击提交。然后,PHP使用curl检索网站的http标头。仅当网站有效时,它才会检索在那里输入的标题,否则将等待5秒钟,然后关闭连接。如果该网址无效,则不会执行curl(PHP使用正则表达式来获取该网址)。

但是,如果用户在输入字段中输入“ localhost”,它将检索localhost。如何阻止它从本地网络检索网站?我对此没有任何疑问。所以请帮助我。

它使用的cURL选项是:

curl_setopt($ch, CURLOPT_URL, $domain);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
curl_setopt($ch, CURLOPT_HEADER, 1);
curl_setopt($ch, CURLOPT_NOBODY, 1);
curl_setopt($ch, CURLOPT_TIMEOUT_MS, 5000);
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, 0);
curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, false);
curl_setopt($ch, CURLOPT_HTTP_VERSION, CURL_HTTP_VERSION_2_0);
//Is there any option I could use to not allow local network connection?

编辑

以防万一,如果拥有完整的代码,这会更容易:

<form action="" method="get">
<p><b><label for="domain">Domain/IP Address:</label></b> <input type="text" name="url" id="url" value="<?=htmlentities($_GET["url"], ENT_QUOTES);?>"> <input type="submit" class="btn home" value="Lookup"></p>
</form>
<?php
$domain = htmlentities($_GET["url"], ENT_QUOTES);

$ch = curl_init();

// set url
curl_setopt($ch, CURLOPT_URL, $domain);

//return the transfer as a string
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
//enable headers
curl_setopt($ch, CURLOPT_HEADER, 1);
//get only headers
curl_setopt($ch, CURLOPT_NOBODY, 1);
curl_setopt($ch, CURLOPT_TIMEOUT_MS, 5000);
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, 0);
curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, false);
curl_setopt($ch, CURLOPT_HTTP_VERSION, CURL_HTTP_VERSION_2_0);
// $output contains the output string
$output = htmlentities(curl_exec($ch), ENT_QUOTES);
$curlinfo = curl_getinfo($ch);

// close curl resource to free up system resources
curl_close($ch);

if($domain) {
    if (!preg_match("~^(?:f|ht)tps?://~i", $domain)) { 

        // If not exist then add http 
        $domain = "http://" . $domain; 
    } 
    if (filter_var($domain, FILTER_VALIDATE_URL)) {
        $result = $output;
        echo "<div id='result'>";
        if (trim($result) != "") {
        echo "<pre style='background-color: #EEEEEE; overflow: auto;'><b>\n" . $result . "\n</b></pre>\n";
        echo "Took ". $curlinfo["total_time"]. "seconds.";
        } else {
            echo "<b>Couldn't fetch website. This might be because the website takes more than 5 seconds to load or because the website does not exist.</b>";
        }
        echo "</div>";
    } else {
        echo "Invalid Domain/IP!";
    }
}
?>
php curl php-curl
1个回答
0
投票
最新问题
© www.soinside.com 2019 - 2024. All rights reserved.