透传接口文档
2021.08.25 10:02:34
易盾智能反外挂透传接口,适用于恶意屏蔽反外挂IP和域名从而绕过反外挂服务的情况,反外挂服务透过游戏方服务器的中转与易盾安全实验室建立连接,易盾安全实验室的最新策略可顺利更新到游戏移动端。
接入场景
场景一:
游戏方服务器做数据转发,反外挂SDK通过游戏方域名或IP上报数据,客户除了提供部署的nginx服务器,无需进行额外开发,属于全量数据传输,接入请参考自动化透传。
场景二: 仅仅适用于特殊情况:在嫌疑数据上报前,玩家已经结束游戏,导致嫌疑数据没上报。需要游戏方主动调用触发上报
游戏方主动做数据转发,游戏方服务端通过调用反外挂SDK接口获取上报数据,再调用易盾安全实验室数据接收接口上报数据,客户控制数据传输,可根据业务需要选择性传输,接入请参考自助式透传。此场景,当前仅支持【嫌疑上报】接口透传。
自动化透传
- 在游戏方部署(或使用已有)Nginx代理转发服务器
- 易盾反外挂SDK,使用游戏方的域名,将数据上报到代理服务器,再转发给易盾服务器
实施部署
- 安装Nginx(可以使用已有Nginx服务)
- 配置Nginx
conf/nginx.conf,完整配置,见附录的nginx.conf,- 请联系
易盾反外挂开发对接人,确认选用配置文件:新加坡,或香港,或杭州的Nginx配置 - 如果使用新安装Nginx,配置直接复制附录的
nginx.conf - 如果使用已有Nginx,反向代理配置参考
server部分,如图,具体见附录!
- 请联系
申请域名,例如:ydt.somegame.com,根据Nginx配置,绑定到Nginx80端口(见附录Nginx配置)- 游戏移动端:查看《移动端反外挂SDK接入文档》, 在SDK的【用户登录】接口中,设置申请的域名ydt.somegame.com相关参数,见 https://support.dun.163.com/documents/368110571181232128?docId=456646710151434240
联调验证
- 测试透传链路是否正常:
客户端发起请求 --> 透传代理服务器 --> 易盾数据接收服务 - 使用模拟器登录游戏,打开客户端前通过windows防火墙禁用我们的域名和IP;
- 使用真机登录游戏,通过iptables命令封禁我们的域名和IP,使用命令:iptables -A OUTPUT -d 59.111.160.194 -j REJECT,对应可以使用抓包:/data/local/tcpdump -p -vv -s 0 -w /sdcard/fm0530.pcap
附录
- 附1 新加坡
Nginx.conf配置
worker_processes 4;
events {
use epoll;
worker_connections 1024;
multi_accept on;
accept_mutex off;
}
http {
include mime.types;
default_type application/octet-stream;
sendfile on;
tcp_nopush on;
keepalive_timeout 5;
tcp_nodelay on;
gzip on;
gzip_http_version 1.0;
gzip_proxied any;
gzip_types application/javascript application/x-javascript application/xml application/atom+xml text/css text/plain text/xml text/x-component text/javascript application/json;
gzip_vary on;
server_name_in_redirect off;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-From-IP $remote_addr;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_hide_header ETag;
proxy_hide_header Via;
proxy_hide_header X-Cache;
proxy_hide_header X-Img-From;
proxy_hide_header X-Powered-By;
proxy_hide_header X-Squid-Error;
proxy_hide_header X-Varnish;
proxy_buffering off;
proxy_buffer_size 128k;
proxy_buffers 4 256k;
proxy_busy_buffers_size 256k;
proxy_intercept_errors on;
proxy_connect_timeout 10;
client_header_buffer_size 8k;
client_max_body_size 64m;
map_hash_bucket_size 64;
types_hash_bucket_size 64;
server_names_hash_bucket_size 256;
server_names_hash_max_size 2048;
variables_hash_bucket_size 128;
server_tokens off;
server {
listen 80;
location / {
proxy_http_version 1.1;
proxy_set_header Connection "";
proxy_set_header Host "xjp-yb.dun.163.com";
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Isctc-Mode "tc-xjp";
proxy_pass http://xjp-yb.dun.163.com;
}
}
}
- 附2 杭州
Nginx.conf配置
worker_processes 4;
events {
use epoll;
worker_connections 1024;
multi_accept on;
accept_mutex off;
}
http {
include mime.types;
default_type application/octet-stream;
sendfile on;
tcp_nopush on;
keepalive_timeout 5;
tcp_nodelay on;
gzip on;
gzip_http_version 1.0;
gzip_proxied any;
gzip_types application/javascript application/x-javascript application/xml application/atom+xml text/css text/plain text/xml text/x-component text/javascript application/json;
gzip_vary on;
server_name_in_redirect off;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-From-IP $remote_addr;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_hide_header ETag;
proxy_hide_header Via;
proxy_hide_header X-Cache;
proxy_hide_header X-Img-From;
proxy_hide_header X-Powered-By;
proxy_hide_header X-Squid-Error;
proxy_hide_header X-Varnish;
proxy_buffering off;
proxy_buffer_size 128k;
proxy_buffers 4 256k;
proxy_busy_buffers_size 256k;
proxy_intercept_errors on;
proxy_connect_timeout 10;
client_header_buffer_size 8k;
client_max_body_size 64m;
map_hash_bucket_size 64;
types_hash_bucket_size 64;
server_names_hash_bucket_size 256;
server_names_hash_max_size 2048;
variables_hash_bucket_size 128;
server_tokens off;
server {
listen 80;
location / {
proxy_http_version 1.1;
proxy_set_header Connection "";
proxy_set_header Host "yb.dun.163.com";
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Isctc-Mode "tc-yb";
proxy_pass http://yb.dun.163.com;
}
}
}
- 附3 香港
Nginx.conf配置
worker_processes 4;
events {
use epoll;
worker_connections 1024;
multi_accept on;
accept_mutex off;
}
http {
include mime.types;
default_type application/octet-stream;
sendfile on;
tcp_nopush on;
keepalive_timeout 5;
tcp_nodelay on;
gzip on;
gzip_http_version 1.0;
gzip_proxied any;
gzip_types application/javascript application/x-javascript application/xml application/atom+xml text/css text/plain text/xml text/x-component text/javascript application/json;
gzip_vary on;
server_name_in_redirect off;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-From-IP $remote_addr;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_hide_header ETag;
proxy_hide_header Via;
proxy_hide_header X-Cache;
proxy_hide_header X-Img-From;
proxy_hide_header X-Powered-By;
proxy_hide_header X-Squid-Error;
proxy_hide_header X-Varnish;
proxy_buffering off;
proxy_buffer_size 128k;
proxy_buffers 4 256k;
proxy_busy_buffers_size 256k;
proxy_intercept_errors on;
proxy_connect_timeout 10;
client_header_buffer_size 8k;
client_max_body_size 64m;
map_hash_bucket_size 64;
types_hash_bucket_size 64;
server_names_hash_bucket_size 256;
server_names_hash_max_size 2048;
variables_hash_bucket_size 128;
server_tokens off;
server {
listen 80;
location / {
proxy_http_version 1.1;
proxy_set_header Connection "";
proxy_set_header Host "ma.dun.163.com";
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Isctc-Mode "tc-ma";
proxy_pass http://ma.dun.163.com;
}
}
}
自助式透传
上报数据
请求地址:http://yb.dun.163.com/api/v1/doubtful_msg
请求方式:POST(HTTP/HTTPS)
请求参数说明:
body数据来源于客户端接口,需增加请求头参数。
请求头参数说明:
| Key | Value | 字段说明 |
|---|---|---|
| Content-Type | application/json | 数据格式 |
| Content-ID | [加密AppId] | 加密AppId,计算方法参见示例代码encodeAppId |
public static String encodeAppId(String appId) {
char[] charArray = appId.toCharArray();
byte xorKey = (byte) 0x95;
byte[] res = new byte[charArray.length];
for (int i = 0; i < charArray.length; i++) {
char c = charArray[i];
res[i] = (byte) (c ^ xorKey);
xorKey = (byte) c;
}
return new String(Base64.encodeBase64(res));
}
响应示例:
{
"msg": "ok!",
"code": 200
}
响应参数说明:
| 参数名称 | 类型 | 描述 |
|---|---|---|
| code | int | 响应码,表示响应结果是否正常,具体值详见【响应码】定义 |
| msg | string | 响应补充信息,正常响应时,该值为Null;异常情况时,表示异常说明 |
其中,响应码枚举如下:
| code | msg | 备注 |
|---|---|---|
| 200 | OK! | 数据校验通过,上报成功后的正常响应 |
| 4401 | Missing request parameters! | 请求参数缺失,msg信息包含具体缺失字段 |
| 4402 | Illegal parameter format! | 请求参数格式非法,msg信息包含具体非法字段 |
| 5501 | The request has been expired! | 请求已过期(有效期默认60秒) |
| 5502 | The data has been tampered! | 数据被篡改 |
| 5503 | Duplicate Request Submission! | 重复请求 |
