im试图将简单的GET请求发送到清漆服务器,并且下面的代码仅在http嗅探器为ON的情况下有效,否则即时得到430 未经授权的回应,如果您访问此网址https://identity.ticketmaster.com/v1/me,您应该获得400状态代码,因为未指定凭据,但是使用下面的代码,我们得到430未经授权
userAgent = "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36
(KHTML, like Gecko) Chrome/68.0.3440.84 Safari/537.36";
Uri requestUri = new Uri("https://identity.ticketmaster.com/v1/me");
ServicePointManager.SecurityProtocol = SecurityProtocolType.Tls11 |
SecurityProtocolType.Tls12 | SecurityProtocolType.Ssl3;
HttpWebRequest request = (HttpWebRequest)WebRequest.Create(requestUri);
request.Method = "GET";
request.Host = "identity.ticketmaster.com";
request.KeepAlive = true;
request.Headers.Add("Cache-Control", "max-age=0");
request.Headers.Add("Upgrade-Insecure-Requests", "1");
request.UserAgent = userAgent;
request.Accept = "*/*";
request.Headers.Add("Accept-Language", "en-US,en;q=0.9");
string str = "";
try{
using (HttpWebResponse response = (HttpWebResponse)request.GetResponse())
{
str = new StreamReader(response.GetResponseStream()).ReadToEnd();
Console.WriteLine(str);
response.Close();
request.Abort();
}
}
catch (Exception ex)
{
Console.WriteLine(ex.Message);
}
如果使用任何其他请求构建器构建请求,则使用任何浏览器也可以正常运行。看起来varnish能够以某种方式检测请求是否由.NET应用发送,并触发430未经授权的消息。 我尝试了Wireshark,唯一能看到的就是TLS1.2握手