我需要一种方法来找出响应我的 HTTP 请求的特定网站/Web 服务器使用了哪种 HTTP Auth 机制。我可以使用任何浏览器或任何其他工具(如 Wireshark)。但我不确定 Auth 标头是否可见。如果是,如何显示?
答案1
WWW-Authenticate: Basic realm="xxx"
您可以使用任何可以获取 HTTP 标头的工具。以 curl 为例,如果服务器使用基本身份验证,则应该看到服务器的响应。
如果消化它将看起来像下面这样。
WWW-Authenticate: Digest realm="[email protected]",
qop="auth,auth-int",
nonce="dcd98b7102dd2f0e8b11d0f600bfb0c093",
opaque="5ccc069c403ebaf9f0171e9517f40e41"
这是如何查看 curl 中的标题。
$ curl -v http://a.b.c.d/
* About to connect() to a.b.c.d port 80 (#0)
* Trying a.b.c.d...
* Adding handle: conn: 0x7f8e0a008c00
* Adding handle: send: 0
* Adding handle: recv: 0
* Curl_addHandleToPipeline: length: 1
* - Conn 0 (0x7f8e0a008c00) send_pipe: 1, recv_pipe: 0
* Connected to a.b.c.d (a.b.c.d) port 80 (#0)
> GET / HTTP/1.1
> User-Agent: curl/7.30.0
> Host: a.b.c.d
> Accept: */*
>
< HTTP/1.1 401 Authorization Required
< Date: Wed, 05 Nov 2014 07:27:40 GMT
* Server Apache is not blacklisted
< Server: Apache
< WWW-Authenticate: Basic realm="xxx"
< Content-Length: 463
< Content-Type: text/html; charset=iso-8859-1
<
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>401 Authorization Required</title>
</head><body>
<h1>Authorization Required</h1>
<p>This server could not verify that you
are authorized to access the document
requested. Either you supplied the wrong
credentials (e.g., bad password), or your
browser doesn't understand how to supply
the credentials required.</p>
<hr>
<address>Apache Server at a.b.c.d Port 80</address>
</body></html>