问题描述
我注意到,当Android-OS设备上的用户访问我的网站时,每个页面上都会不断发生两个请求。第一个是普通浏览器,第二个是来自 Dalvik的浏览器。示例:
I've noticed that when users on Android-OS devices visit my site, there's constantly two requests happening on each page. The first is the normal browser, and the second is from "Dalvik". Example:
GET / HTTP / 1.1 200 2126- Mozilla / 5.0(Linux; Android 5.0.2; SAMSUNG SM-G925F / G925FXXU1AOD8 Build / LRX22G )AppleWebKit / 537.36(KHTML,例如Gecko)SamsungBrowser / 3.0 Chrome / 38.0.2125.102移动Safari / 537.36 1229 2802
"GET / HTTP/1.1" 200 2126 "-" "Mozilla/5.0 (Linux; Android 5.0.2; SAMSUNG SM-G925F/G925FXXU1AOD8 Build/LRX22G) AppleWebKit/537.36 (KHTML, like Gecko) SamsungBrowser/3.0 Chrome/38.0.2125.102 Mobile Safari/537.36" 1229 2802
GET / HTTP / 1.1 200 2117 - Dalvik / 2.1.0(Linux; U; Android 5.0.2; SM-G925F Build / LRX22G) 546 8729
"GET / HTTP/1.1" 200 2117 "-" "Dalvik/2.1.0 (Linux; U; Android 5.0.2; SM-G925F Build/LRX22G)" 546 8729
根据我的理解,第一个请求来自实际的浏览器,另一个请求来自运行该浏览器的虚拟机(Dalvik)。问题在于Dalvik请求没有使用相同的Cookie和/或POST数据,这会触发服务器端错误。例如,当用户注册帐户时。普通的浏览器通过POST数据发送数据,但是Dalvik请求只是对操作网址执行GET操作。同样,如果用户登录,Dalvik将在基于权限的页面上尝试GET,这可能会将其重定向到其他地方,因为没有会话。
From my understanding of this, the first request is from the actual browser, and the other is from the virtual machine (Dalvik) running the browser. The problem is that the Dalvik request doesn't use the same cookies, and/or POST data, and this triggers errors server side. An example would be when a user registers an account. The normal browser sends through POST data, but the Dalvik request just does a GET on the action url. Similarly, if a user is logged in, Dalvik will try a GET on a permission based page, which may redirect it somewhere else because there's no session for it.
用户不会遇到任何实际问题(据我所知),但是,我们在错误日志记录中注意到了这些尝试。所以我的问题是:如果浏览器代理指示 Dalvik / 。。*,我可以安全地阻止所有访问尝试吗?对使用者有不利影响吗?考虑到与Dalvik相关的请求实际上并未重新发布真实数据或进行会话,因此似乎不太可能。但是,希望有更多使用Android经验的人可以对此提供一些反馈,例如,我应该发出特定的HTTP标头/状态代码,例如 401未经授权还是 400错误请求?
The user doesn't experience any real problems (from what I can tell), however, we notice the attempts in our error logging. So my question is: Can I safely block all access attempts if the browser agent indicates "Dalvik/..*"? Will there be any adverse affects for the user? Considering that the Dalvik-related requests aren't actually reposting the real data or carrying a session, it seems unlikely. But hoping someone with more experience with Android can provide some feedback on it, for example, should I issue a specific HTTP header/status code, like "401 Unauthorized" or "400 Bad Request"?
任何帮助将不胜感激。
推荐答案
这是三星手机的Linux外壳。我的操作系统被列为 Linux 3.4.0-7500527(Dalvik 2.1.0),它是三星Galaxy S5。能否为您的网站设置一个副本(甚至最少),让其收到501?有了它,应该很容易找出来。
This is the Linux shell for Samsung phones. My OS is listed as "Linux 3.4.0-7500527 (Dalvik 2.1.0)" and it's a Samsung Galaxy S5. Could you set up a duplicate of your site (even minimal) with the gets receiving a 501, perhaps? With that, it should be easy to find out.
这篇关于我可以安全地阻止Dalvik浏览器代理请求吗?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持!