如何在 curl 时将域网络路由更改为自定义 IP?

如何在 curl 时将域网络路由更改为自定义 IP?

在 Linux 上,我确实使用 curl 访问api.binance.com网站,它给出了非常长的 ms 延迟 0.177 秒,尽管服务器位于 binance 服务器附近。

# curl -o /dev/null -s -w 'Total: %{time_total}s\n' "https://api.binance.com/api/v3/time"
Total: 0.177313s
# curl -v -X GET "https://api.binance.com/api/v3/time"
Note: Unnecessary use of -X or --request, GET is already inferred.
*   Trying 52.85.241.102:443...
* TCP_NODELAY set
* Connected to api.binance.com (52.85.241.102) port 443 (#0)
* ALPN, offering h2
* ALPN, offering http/1.1
* successfully set certificate verify locations:
*   CAfile: /etc/ssl/certs/ca-certificates.crt
  CApath: /etc/ssl/certs
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
* TLSv1.3 (IN), TLS handshake, Server hello (2):
* TLSv1.3 (IN), TLS handshake, Encrypted Extensions (8):
* TLSv1.3 (IN), TLS handshake, Certificate (11):
* TLSv1.3 (IN), TLS handshake, CERT verify (15):
* TLSv1.3 (IN), TLS handshake, Finished (20):
* TLSv1.3 (OUT), TLS change cipher, Change cipher spec (1):
* TLSv1.3 (OUT), TLS handshake, Finished (20):
* SSL connection using TLSv1.3 / TLS_AES_128_GCM_SHA256
* ALPN, server accepted to use h2
* Server certificate:
*  subject: C=KY; L=West Bay; O=Binance Holdings Limited; CN=*.binance.com
*  start date: Feb  9 00:00:00 2023 GMT
*  expire date: Feb 16 23:59:59 2024 GMT
*  subjectAltName: host "api.binance.com" matched cert's "*.binance.com"
*  issuer: C=US; O=DigiCert Inc; OU=www.digicert.com; CN=GeoTrust RSA CA 2018
*  SSL certificate verify ok.
* Using HTTP2, server supports multi-use
* Connection state changed (HTTP/2 confirmed)
* Copying HTTP/2 data in stream buffer to connection buffer after upgrade: len=0
* Using Stream ID: 1 (easy handle 0x55beb5cf0300)
> GET /api/v3/time HTTP/2
> Host: api.binance.com
> user-agent: curl/7.68.0
> accept: */*
> 
* TLSv1.3 (IN), TLS handshake, Newsession Ticket (4):
* Connection state changed (MAX_CONCURRENT_STREAMS == 128)!
< HTTP/2 200 
< content-type: application/json;charset=UTF-8
< content-length: 28
< date: Tue, 17 Oct 2023 22:52:16 GMT
< server: nginx
< x-mbx-uuid: fb406f0d-016b-4bf4-8866-0247a6b7b2ef
< x-mbx-used-weight: 1
< x-mbx-used-weight-1m: 1
< strict-transport-security: max-age=31536000; includeSubdomains
< x-frame-options: SAMEORIGIN
< x-xss-protection: 1; mode=block
< x-content-type-options: nosniff
< content-security-policy: default-src 'self'
< x-content-security-policy: default-src 'self'
< x-webkit-csp: default-src 'self'
< cache-control: no-cache, no-store, must-revalidate
< pragma: no-cache
< expires: 0
< access-control-allow-origin: *
< access-control-allow-methods: GET, HEAD, OPTIONS
< x-cache: Miss from cloudfront
< via: 1.1 a62f7ce6b39c676fcfdde0f9a6fcf08e.cloudfront.net (CloudFront)
< x-amz-cf-pop: ARN1-C1
< x-amz-cf-id: DYu01YZH94O-f5FVTEfzM9MFDwm6_HutV0Sz24IiKDi-5p9VKf7sRg==
< 
* Connection #0 to host api.binance.com left intact
{"serverTime":1697583136754}

让我们找到最近的币安服务器:

# dig api.binance.com +short
d3h36i1mno13q3.cloudfront.net.
18.238.65.94

我们看到新的 IP 地址 18.238.65.94。现在让我们检查并替换:

# curl -o /dev/null -s -w 'Total: %{time_total}s\n' "http://18.238.65.94/api/v3/time"
Total: 0.023214s

非常好,0.023s 的延迟非常完美。让我们获取 http 内容:

# curl -X GET "http://18.238.65.94/api/v3/time"
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<HTML><HEAD><META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=iso-8859-1">
<TITLE>ERROR: The request could not be satisfied</TITLE>
</HEAD><BODY>
<H1>403 ERROR</H1>
<H2>The request could not be satisfied.</H2>
<HR noshade size="1px">
Bad request.
We can't connect to the server for this app or website at this time. There might be too much traffic or a configuration error. Try again later, or contact the app or website owner.
<BR clear="all">
If you provide content to customers through CloudFront, you can find steps to troubleshoot and help prevent this error by reviewing the CloudFront documentation.
<BR clear="all">
<HR noshade size="1px">
<PRE>
Generated by cloudfront (CloudFront)
Request ID: bJnE_LCwjuJSaxKb-e0X_A9qnpeYuACYLonB2l5t4lLo9SLNonkXiA==
</PRE>
<ADDRESS>
</ADDRESS>
</BODY></HTML>

如果我添加 SSL,则会收到另一个错误:

# curl -X GET "https://18.238.65.94/api/v3/time"
curl: (60) SSL: no alternative certificate subject name matches target host name '18.238.65.94'
More details here: https://curl.se/docs/sslcerts.html

curl failed to verify the legitimacy of the server and therefore could not
establish a secure connection to it. To learn more about this situation and
how to fix it, please visit the web page mentioned above.

如我们所见,两个请求都出现错误。 问:那么,我怎样才能正确地将api.binance.com找到的最近的服务器的 IP 网络根更改为该 IP 并获取 http 结果?

答案1

您展示的两个示例测量的不是同一件事。CloudFront 不允许您直接使用 IP 地址,因此它会生成 BAD REQUEST 响应(可以说这比联系原点更快)。

curl -i /dev/null -s -w 'Total: %{time_total}s\n' "https://api.binance.com/api/v3/time"

Total: 0.000000s
HTTP/2 200
content-type: application/json;charset=UTF-8
content-length: 28
date: Wed, 18 Oct 2023 04:07:40 GMT
server: nginx
...

{"serverTime":1697602060387}Total: 0.316431s

使用 IP 地址

curl -i /dev/null -s -w 'Total: %{time_total}s\n' "http://52.222.227.199/api/v3/time"

Total: 0.000000s
HTTP/1.1 403 Forbidden
Server: CloudFront
Date: Wed, 18 Oct 2023 04:09:30 GMT
...
X-Cache: Error from cloudfront
...
<TITLE>ERROR: The request could not be satisfied</TITLE>
</HEAD><BODY>
<H1>403 ERROR</H1>
<H2>The request could not be satisfied.</H2>
<HR noshade size="1px">
Bad request.
We can't connect to the server for this app or website at this time. There might be too much traffic or a configuration error. Try again later, or contact the app or website owner.
<BR clear="all">
If you provide content to customers through CloudFront, you can find steps to troubleshoot and help prevent this error by reviewing the CloudFront documentation.
...

相关内容