在下面的代码示例中,我将API端点替换为占位符端点,但它们在php和node.js脚本之间完全相同。另请注意,被攻击的端点托管在Azure前门后面的Azure应用程序服务上。我在应用程序服务日志中看到了404错误。
下面是PHP脚本:
$apiKey = "someAPIKey";
$accountId = "someAccountId";
$txRequest = createTransaction(); // This is JSON
$baseUri = "https://someapiendpoint.com/graphql";
$headers = [
"Accept: application/json",
"X-API-KEY: $apiKey",
"Account: $accountId",
];
echo $txRequest;
$ch = curl_init($baseUri);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
curl_setopt($ch, CURLOPT_HTTPHEADER, $headers);
curl_setopt($ch, CURLOPT_HTTP_VERSION, CURL_HTTP_VERSION_2_0);
curl_setopt($ch, CURLOPT_POST, true);
curl_setopt($ch, CURLOPT_VERBOSE, true);
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false);
curl_setopt($ch, CURLOPT_POSTFIELDS, $txRequest);
$response = curl_exec($ch);
curl_close($ch);
if ($response === FALSE) {
echo "cUrl error (#%d): %s<br>\n";
}
echo $response;php函数的响应:
* Connected to someapiendpoint.com (xxx:xxx:xxx:xxx) port 443 (#0)
* ALPN: offers h2
* ALPN: offers http/1.1
* SSL connection using TLSv1.2 / ECDHE-RSA-AES128-GCM-SHA256
* ALPN: server accepted h2
* Server certificate:
* subject: CN=someapiendpoint.com
* start date: Jun 11 00:00:00 2023 GMT
* expire date: Dec 11 23:59:59 2023 GMT
* subjectAltName: host "someapiendpoint.com" matched cert's "someapiendpoint.com"
* issuer: C=US; O=DigiCert, Inc.; CN=GeoTrust Global TLS RSA4096 SHA256 2022 CA1
* SSL certificate verify result: self-signed certificate in certificate chain (19), continuing anyway.
* Using HTTP2, server supports multiplexing
* Copying HTTP/2 data in stream buffer to connection buffer after upgrade: len=0
* h2h3 [:method: POST]
* h2h3 [:path: /graphql]
* h2h3 [:scheme: https]
* h2h3 [:authority: someapiendpoint.com]
* h2h3 [accept: application/json]
* h2h3 [x-api-key: someAPIKey]
* h2h3 [account: someAccountId]
* h2h3 [content-length: 1187]
* h2h3 [content-type: application/x-www-form-urlencoded]
* Using Stream ID: 1 (easy handle 0x264ace0f260)
> POST /graphql HTTP/2
Host: someapiendpoint.com
accept: application/json
x-api-key: someAPIKey
account: someAccountId
content-length: 1187
content-type: application/x-www-form-urlencoded
* Connection state changed (MAX_CONCURRENT_STREAMS == 128)!
* We are completely uploaded and fine
< HTTP/2 404
< date: Thu, 05 Oct 2023 22:43:53 GMT
< content-length: 0
< x-robots-tag: noindex,nofollow
< x-correlation-id: 000000000000000000000000
< x-azure-ref: 0000000000000000000000000000000000000000
< x-cache: CONFIG_NOCACHE
<
* Connection #0 to host someapiendpoint.com left intact下面是node.js脚本:
const response = await axios.post(
'https://someapiendpoint.com/graphql',
txRequest, // This is JSON
{
headers: {
Accept: 'application/json',
'X-API-KEY':
'someAPIKey',
Account: 'someAccountId',
},
}
);
console.log(response.data);node.js脚本响应一个200响应,其中包含预期的响应体。
1条答案
按热度按时间l3zydbqr1#
经过多次的尝试和错误,我终于找到了问题所在。
我不得不添加标题“Content-Type”并将其设置为“application/json”。一旦添加了该标题,然后我得到了200个响应,这一切都工作了。
添加的页眉代码: