16

在代理服务器转发到服务器之前,是否向 HTTP 请求添加或修改了任何请求标头?

如果是这样,是否对相同的数据包进行了更改,或者内容是否用于创建带有修改的新请求数据包?

4

1 回答 1

31

There are a few different types of proxy servers. Because you've mentioned request headers, I'm going to assume that you're talking about HTTP proxy servers, which forward HTTP requests, not packets.

NOTE: In the special case of HTTPS requests (TLS/SSL via CONNECT), proxy servers will just forward the content of the TCP packets (and are unable to inspect the packets unless acting as a man-in-the-middle proxy).


Of course it depends on the proxy software and its configuration, but HTTP proxies are expected to follow the W3C Guidelines for Web Content Transformation Proxies, which states many things, but most relevantly:

  • Other than to convert between HEAD and GET proxies must not alter request methods.

  • If the request contains a Cache-Control: no-transform directive, proxies must not alter the request other than to comply with transparent HTTP behavior defined in RFC 2616 HTTP sections section 14.9.5 and section 13.5.2 and to add header fields as described in 4.1.6 Additional HTTP Header Fields.

  • Other than the modifications required by RFC 2616 HTTP proxies should not modify the values of header fields other than the User-Agent, Accept, Accept-Charset, Accept-Encoding, and Accept-Language header fields and must not delete header fields.

  • Proxies should add the IP address of the initiator of the request to the end of a comma separated list in an X-Forwarded-For HTTP header field.

  • Proxies must (in accordance with RFC 2616) include a Via HTTP header field.


In summary, you can generally expect these HTTP headers to be changed/added by a standards-compliant proxy:

  • User-Agent
  • Accept
  • Accept-Charset
  • Accept-Encoding
  • Accept-Language
  • X-Forwarded-For
  • Via
于 2012-04-29T06:19:22.997 回答