http請求頭中Referer的含義和作用
<div class="htmledit_views"> <p style="line-height:1.55;"></p><h1 style="font-weight:500;color:rgb(51,51,51);font-size:30px;font-family:PingFangSC, 'helvetica neue', 'hiragino sans gb', arial, 'microsoft yahei ui', 'microsoft yahei', simsun, sans-serif;"><br></h1><p style="line-height:1.55;color:rgb(51,51,51);font-family:PingFangSC, 'helvetica neue', 'hiragino sans gb', arial, 'microsoft yahei ui', 'microsoft yahei', simsun, sans-serif;font-size:15px;">版權所屬:<a href="https://www.sojson.com/" rel="nofollow" style="color:rgb(1,170,237);" target="_blank">SO JSON線上解析</a></p><p style="line-height:1.55;color:rgb(51,51,51);font-family:PingFangSC, 'helvetica neue', 'hiragino sans gb', arial, 'microsoft yahei ui', 'microsoft yahei', simsun, sans-serif;font-size:15px;">原文地址:<a href="https://www.sojson.com/blog/58.html" rel="nofollow" style="color:rgb(1,170,237);" target="_blank">https://www.sojson.com/blog/58.html</a></p><p class="yellow" style="line-height:1.55;font-family:PingFangSC, 'helvetica neue', 'hiragino sans gb', arial, 'microsoft yahei ui', 'microsoft yahei', simsun, sans-serif;font-size:15px;color:rgb(255,87,34);">轉載時必須以連結形式註明原始出處及本宣告。</p><br><p style="line-height:1.55;"><span style="color:rgb(51,51,51);font-family:PingFangSC, 'helvetica neue', 'hiragino sans gb', arial, 'microsoft yahei ui', 'microsoft yahei', simsun, sans-serif;font-size:15px;"><a href="http://www.sojson.com/tag_referer.html" rel="nofollow" title="Referer" style="color:rgb(1,170,237);" target="_blank">Referer </a>是 <a href="http://www.sojson.com/tag_http.html" rel="nofollow" title="HTTP" style="color:rgb(1,170,237);" target="_blank"> HTTP </a>請求<code style="font-size:.93em;font-family:Menlo, Monaco, Consolas, 'Courier New', monospace;">header</code> 的一部分,當瀏覽器(或者模擬瀏覽器行為)向<code style="font-size:.93em;font-family:Menlo, Monaco, Consolas, 'Courier New', monospace;">web</code> 伺服器傳送請求的時候,頭資訊裡有包含 <a href="http://www.sojson.com/tag_referer.html" rel="nofollow" title="Referer" style="color:rgb(1,170,237);" target="_blank"> Referer </a>。比如我在</span><span style="font-family:Menlo, Monaco, Consolas, 'Courier New', monospace;color:#c7254e;"><span style="font-size:13.95px;background-color:rgb(249,242,244);">www.google.com</span></span><span style="font-family:PingFangSC, 'helvetica neue', 'hiragino sans gb', arial, 'microsoft yahei ui', 'microsoft yahei', simsun, sans-serif;color:#333333;"><span style="font-size:15px;"> 裡有一個</span></span><code style="color:rgb(51,51,51);font-family:Menlo, Monaco, Consolas, 'Courier New', monospace;font-size:.93em;">www.baidu.com</code><span style="font-family:PingFangSC, 'helvetica neue', 'hiragino sans gb', arial, 'microsoft yahei ui', 'microsoft yahei', simsun, sans-serif;color:#333333;"><span style="font-size:15px;"> 連結,那麼點選這個</span></span><code style="color:rgb(51,51,51);font-family:Menlo, Monaco, Consolas, 'Courier New', monospace;font-size:.93em;">www.baidu.com</code><span style="font-family:PingFangSC, 'helvetica neue', 'hiragino sans gb', arial, 'microsoft yahei ui', 'microsoft yahei', simsun, sans-serif;color:#333333;"><span style="font-size:15px;"> ,它的</span></span><code style="color:rgb(51,51,51);font-family:Menlo, Monaco, Consolas, 'Courier New', monospace;font-size:.93em;">header</code><span style="font-family:PingFangSC, 'helvetica neue', 'hiragino sans gb', arial, 'microsoft yahei ui', 'microsoft yahei', simsun, sans-serif;color:#333333;"><span style="font-size:15px;"> 資訊裡就有:</span></span></p><p style="line-height:1.55;color:rgb(51,51,51);font-family:PingFangSC, 'helvetica neue', 'hiragino sans gb', arial, 'microsoft yahei ui', 'microsoft yahei', simsun, sans-serif;font-size:15px;"> Referer=http://www.google.com</p><p style="line-height:1.55;color:rgb(51,51,51);font-family:PingFangSC, 'helvetica neue', 'hiragino sans gb', arial, 'microsoft yahei ui', 'microsoft yahei', simsun, sans-serif;font-size:15px;">由此可以看出來吧。它就是表示一個來源。看下圖的一個請求的<a href="http://www.sojson.com/tag_referer.html" rel="nofollow" title="Referer" style="color:rgb(1,170,237);" target="_blank"> Referer </a>資訊。</p><p style="line-height:1.55;color:rgb(51,51,51);font-family:PingFangSC, 'helvetica neue', 'hiragino sans gb', arial, 'microsoft yahei ui', 'microsoft yahei', simsun, sans-serif;font-size:15px;"><img src="https://img-blog.csdn.net/20180302212146140?watermark/2/text/aHR0cDovL2Jsb2cuY3Nkbi5uZXQvc2hlbnF1ZXlpbmc=/font/5a6L5L2T/fontsize/400/fill/I0JBQkFCMA==/dissolve/70" alt=""><br></p><p style="line-height:1.55;font-family:PingFangSC, 'helvetica neue', 'hiragino sans gb', arial, 'microsoft yahei ui', 'microsoft yahei', simsun, sans-serif;"></p><h3 style="font-size:18px;color:rgb(51,51,51);font-weight:500;font-family:PingFangSC, 'helvetica neue', 'hiragino sans gb', arial, 'microsoft yahei ui', 'microsoft yahei', simsun, sans-serif;"><a name="t1"></a>這裡有一個小問題要說明下。</h3><p style="font-size:15px;color:rgb(51,51,51);line-height:1.55;font-family:PingFangSC, 'helvetica neue', 'hiragino sans gb', arial, 'microsoft yahei ui', 'microsoft yahei', simsun, sans-serif;"><a href="http://www.sojson.com/tag_referer.html" rel="nofollow" title="Referer" style="color:rgb(1,170,237);" target="_blank">Referer </a>的正確英語拼法是<code style="font-size:.93em;font-family:Menlo, Monaco, Consolas, 'Courier New', monospace;">referrer</code> 。由於早期HTTP規範的拼寫錯誤,為了保持向後相容就將錯就錯了。其它網路技術的規範企圖修正此問題,使用正確拼法,所以目前拼法不統一。還有它第一個字母是大寫。</p><br><br><h1 style="font-size:30px;color:rgb(51,51,51);font-weight:500;font-family:PingFangSC, 'helvetica neue', 'hiragino sans gb', arial, 'microsoft yahei ui', 'microsoft yahei', simsun, sans-serif;"><a name="t2"></a>Referer的作用?</h1><p style="font-size:15px;color:rgb(51,51,51);line-height:1.55;font-family:PingFangSC, 'helvetica neue', 'hiragino sans gb', arial, 'microsoft yahei ui', 'microsoft yahei', simsun, sans-serif;">1.防盜鏈。</p><p style="font-size:15px;color:rgb(51,51,51);line-height:1.55;font-family:PingFangSC, 'helvetica neue', 'hiragino sans gb', arial, 'microsoft yahei ui', 'microsoft yahei', simsun, sans-serif;">剛剛前面有提到一個小<a href="http://www.sojson.com/tag_demo.html" rel="nofollow" title="Demo" style="color:rgb(1,170,237);" target="_blank"> Demo </a>。</p><p style="font-size:15px;color:rgb(51,51,51);line-height:1.55;font-family:PingFangSC, 'helvetica neue', 'hiragino sans gb', arial, 'microsoft yahei ui', 'microsoft yahei', simsun, sans-serif;">我在www.google.com裡有一個<code style="font-size:.93em;font-family:Menlo, Monaco, Consolas, 'Courier New', monospace;">www.baidu.com</code>連結,那麼點選這個<code style="font-size:.93em;font-family:Menlo, Monaco, Consolas, 'Courier New', monospace;">www.baidu.com</code>,它的header資訊裡就有:<br></p><blockquote style="font-size:15px;color:rgb(51,51,51);font-family:PingFangSC, 'helvetica neue', 'hiragino sans gb', arial, 'microsoft yahei ui', 'microsoft yahei', simsun, sans-serif;border-left:5px solid rgb(208,229,242);line-height:1.4;">Referer=http://www.google.com</blockquote><p style="font-size:15px;color:rgb(51,51,51);line-height:1.55;font-family:PingFangSC, 'helvetica neue', 'hiragino sans gb', arial, 'microsoft yahei ui', 'microsoft yahei', simsun, sans-serif;">那麼可以利用這個來防止盜鏈了,比如我只允許我自己的網站訪問我自己的圖片伺服器,那我的域名是<code style="font-size:.93em;font-family:Menlo, Monaco, Consolas, 'Courier New', monospace;">www.google.com</code>,那麼圖片伺服器每次取到Referer來判斷一下是不是我自己的域名<code style="font-size:.93em;font-family:Menlo, Monaco, Consolas, 'Courier New', monospace;">www.google.com</code>,如果是就繼續訪問,不是就攔截。</p><p style="font-size:15px;color:rgb(51,51,51);line-height:1.55;font-family:PingFangSC, 'helvetica neue', 'hiragino sans gb', arial, 'microsoft yahei ui', 'microsoft yahei', simsun, sans-serif;">這是不是就達到防盜鏈的效果了?</p><p style="line-height:1.55;font-family:PingFangSC, 'helvetica neue', 'hiragino sans gb', arial, 'microsoft yahei ui', 'microsoft yahei', simsun, sans-serif;"><span style="font-size:24px;color:#cc0000;"><strong><u>將這個http請求發給伺服器後,如果伺服器要求必須是某個地址或者某幾個地址才能訪問,而你傳送的referer不符合他的要求,就會攔截或者跳轉到他要求的地址,然後再通過這個地址進行訪問。</u></strong></span></p><p style="font-size:15px;color:rgb(51,51,51);line-height:1.55;font-family:PingFangSC, 'helvetica neue', 'hiragino sans gb', arial, 'microsoft yahei ui', 'microsoft yahei', simsun, sans-serif;">2.防止惡意請求。</p><p style="font-size:15px;color:rgb(51,51,51);line-height:1.55;font-family:PingFangSC, 'helvetica neue', 'hiragino sans gb', arial, 'microsoft yahei ui', 'microsoft yahei', simsun, sans-serif;">比如靜態請求是<code style="font-size:.93em;font-family:Menlo, Monaco, Consolas, 'Courier New', monospace;">*.html</code>結尾的,動態請求是<code style="font-size:.93em;font-family:Menlo, Monaco, Consolas, 'Courier New', monospace;">*.shtml</code>,那麼由此可以這麼用,所有的<code style="font-size:.93em;font-family:Menlo, Monaco, Consolas, 'Courier New', monospace;">*.shtml</code>請求,必須<a href="http://www.sojson.com/tag_referer.html" rel="nofollow" title="Referer" style="color:rgb(1,170,237);" target="_blank"> Referer </a>為我自己的網站。</p><blockquote style="font-size:15px;color:rgb(51,51,51);font-family:PingFangSC, 'helvetica neue', 'hiragino sans gb', arial, 'microsoft yahei ui', 'microsoft yahei', simsun, sans-serif;border-left:5px solid rgb(208,229,242);line-height:1.4;"><p style="line-height:1.55;">Referer=http://www.google.com</p></blockquote><h1 style="font-size:30px;color:rgb(51,51,51);font-weight:500;font-family:PingFangSC, 'helvetica neue', 'hiragino sans gb', arial, 'microsoft yahei ui', 'microsoft yahei', simsun, sans-serif;"><a name="t3"></a>空Referer是怎麼回事?什麼情況下會出現Referer?</h1><p style="font-size:15px;color:rgb(51,51,51);line-height:1.55;font-family:PingFangSC, 'helvetica neue', 'hiragino sans gb', arial, 'microsoft yahei ui', 'microsoft yahei', simsun, sans-serif;">首先,我們對空<a href="http://www.sojson.com/tag_referer.html" rel="nofollow" title="Referer" style="color:rgb(1,170,237);" target="_blank"> Referer </a>的定義為,<a href="http://www.sojson.com/tag_referer.html" rel="nofollow" title="Referer" style="color:rgb(1,170,237);" target="_blank"> Referer </a>頭部的內容為空,或者,一個<a href="http://www.sojson.com/tag_http.html" rel="nofollow" title="HTTP" style="color:rgb(1,170,237);" target="_blank"> HTTP </a>請求中根本不包含<a href="http://www.sojson.com/tag_referer.html" rel="nofollow" title="Referer" style="color:rgb(1,170,237);" target="_blank"> Referer </a>頭部。</p><p style="font-size:15px;color:rgb(51,51,51);line-height:1.55;font-family:PingFangSC, 'helvetica neue', 'hiragino sans gb', arial, 'microsoft yahei ui', 'microsoft yahei', simsun, sans-serif;">那麼什麼時候<a href="http://www.sojson.com/tag_http.html" rel="nofollow" title="HTTP" style="color:rgb(1,170,237);" target="_blank"> HTTP </a>請求會不包含<a href="http://www.sojson.com/tag_referer.html" rel="nofollow" title="Referer" style="color:rgb(1,170,237);" target="_blank"> Referer </a>欄位呢?根據Referer的定義,它的作用是指示一個請求是從哪裡連結過來,那麼當一個請求並不是由連結觸發產生的,那麼自然也就不需要指定這個請求的連結來源。</p><p style="font-size:15px;color:rgb(51,51,51);line-height:1.55;font-family:PingFangSC, 'helvetica neue', 'hiragino sans gb', arial, 'microsoft yahei ui', 'microsoft yahei', simsun, sans-serif;">比如,直接在瀏覽器的位址列中輸入一個資源的URL地址,那麼這種請求是不會包含<a href="http://www.sojson.com/tag_referer.html" rel="nofollow" title="Referer" style="color:rgb(1,170,237);" target="_blank"> Referer </a>欄位的,因為這是一個“憑空產生”的<a href="http://www.sojson.com/tag_http.html" rel="nofollow" title="HTTP" style="color:rgb(1,170,237);" target="_blank"> HTTP </a>請求,並不是從一個地方連結過去的。<br></p><h3 style="font-size:18px;color:rgb(51,51,51);font-weight:500;font-family:PingFangSC, 'helvetica neue', 'hiragino sans gb', arial, 'microsoft yahei ui', 'microsoft yahei', simsun, sans-serif;"><a name="t4"></a>那麼在防盜鏈設定中,允許空Referer和不允許空Referer有什麼區別?</h3><p style="font-size:15px;color:rgb(51,51,51);line-height:1.55;font-family:PingFangSC, 'helvetica neue', 'hiragino sans gb', arial, 'microsoft yahei ui', 'microsoft yahei', simsun, sans-serif;">允許<a href="http://www.sojson.com/tag_referer.html" rel="nofollow" title="Referer" style="color:rgb(1,170,237);" target="_blank"> Referer </a>為空,意味著你允許比如瀏覽器直接訪問,就是空。</p> </div>