透传接口文档

2021.07.19 19:23:11

    易盾智能反外挂透传接口,适用于恶意屏蔽反外挂IP和域名从而绕过反外挂服务的情况,反外挂服务透过游戏方服务器的中转与易盾安全实验室建立连接,易盾安全实验室的最新策略可顺利更新到游戏移动端。

    接入场景

    场景一:

    游戏方服务器做数据转发,反外挂SDK通过游戏方域名或IP上报数据,客户除了提供部署的nginx服务器,无需进行额外开发,属于全量数据传输,接入请参考自动化透传。

    场景二: 仅仅适用于特殊情况:在嫌疑数据上报前,玩家已经结束游戏,导致嫌疑数据没上报。需要游戏方主动调用触发上报

    游戏方主动做数据转发,游戏方服务端通过调用反外挂SDK接口获取上报数据,再调用易盾安全实验室数据接收接口上报数据,客户控制数据传输,可根据业务需要选择性传输,接入请参考自助式透传。此场景,当前仅支持【嫌疑上报】接口透传。

    自动化透传

    • 在游戏方部署(或使用已有)Nginx代理转发服务器
    • 易盾反外挂SDK,使用游戏方的域名,将数据上报到代理服务器,再转发给易盾服务器

    image title

    实施部署

    • 安装Nginx(可以使用已有Nginx服务)
    • 配置Nginxconf/nginx.conf,完整配置,见附录的nginx.conf
      • 请联系易盾反外挂开发对接人,确认选用配置文件:新加坡,或香港,或杭州的Nginx配置
      • 如果使用新安装Nginx,配置直接复制附录的nginx.conf
      • 如果使用已有Nginx,反向代理配置参考server部分,如图,具体见附录! image title
    • 申请域名,例如:ydt.somegame.com,根据Nginx配置,绑定到Nginx 80端口(见附录Nginx配置)
    • 游戏移动端:查看《移动端反外挂SDK接入文档》, 在SDK的【用户登录】接口中,设置申请的域名ydt.somegame.com相关参数,见 https://support.dun.163.com/documents/368110571181232128?docId=456646710151434240

    联调验证

    • 测试透传链路是否正常:客户端发起请求 --> 透传代理服务器 --> 易盾数据接收服务
    • 使用模拟器登录游戏,打开客户端前通过windows防火墙禁用我们的域名和IP;
    • 使用真机登录游戏,通过iptables命令封禁我们的域名和IP,使用命令:iptables -A OUTPUT -d 59.111.160.194 -j REJECT,对应可以使用抓包:/data/local/tcpdump -p -vv -s 0 -w /sdcard/fm0530.pcap

    附录

    • 附1 新加坡Nginx.conf配置
    worker_processes  4;
    
    events {
        use epoll;
        worker_connections  1024;
        multi_accept on;
        accept_mutex off;
    }
    
    http {
        include mime.types;
        default_type application/octet-stream;
    
        
        sendfile on;
        tcp_nopush on;
    
        keepalive_timeout 5;
        tcp_nodelay on;
    
        gzip on;
        gzip_http_version 1.0;
        gzip_proxied any;
        gzip_types application/javascript application/x-javascript application/xml application/atom+xml text/css text/plain text/xml text/x-component text/javascript application/json;
        gzip_vary on;
    
        server_name_in_redirect off;
    
        proxy_set_header Host $host;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-From-IP $remote_addr;
        proxy_set_header X-Forwarded-Proto $scheme;
    
    
        proxy_hide_header ETag;
        proxy_hide_header Via;
        proxy_hide_header X-Cache;
        proxy_hide_header X-Img-From;
        proxy_hide_header X-Powered-By;
        proxy_hide_header X-Squid-Error;
        proxy_hide_header X-Varnish;
    
        proxy_buffering off;
        proxy_buffer_size 128k;
        proxy_buffers 4 256k;
        proxy_busy_buffers_size 256k;
        proxy_intercept_errors on;
    
        proxy_connect_timeout 10;
    
        client_header_buffer_size 8k;
        client_max_body_size 64m;
        map_hash_bucket_size 64;
        types_hash_bucket_size 64;
        server_names_hash_bucket_size 256;
        server_names_hash_max_size 2048;
        variables_hash_bucket_size 128;
    
        server_tokens off;
    
        server {
            listen 80;
    
            location / {
                proxy_http_version 1.1;
                proxy_set_header Connection "";
                proxy_set_header Host "xjp-yb.dun.163.com";
                proxy_set_header X-Real-IP $remote_addr;
                proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
                proxy_set_header X-Isctc-Mode "tc-xjp";
                proxy_pass http://xjp-yb.dun.163.com;
            }
        }   
    }
    
    
    • 附2 杭州Nginx.conf配置
    worker_processes  4;
    
    events {
        use epoll;
        worker_connections  1024;
        multi_accept on;
        accept_mutex off;
    }
    
    http {
        include mime.types;
        default_type application/octet-stream;
    
        
        sendfile on;
        tcp_nopush on;
    
        keepalive_timeout 5;
        tcp_nodelay on;
    
        gzip on;
        gzip_http_version 1.0;
        gzip_proxied any;
        gzip_types application/javascript application/x-javascript application/xml application/atom+xml text/css text/plain text/xml text/x-component text/javascript application/json;
        gzip_vary on;
    
        server_name_in_redirect off;
    
        proxy_set_header Host $host;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-From-IP $remote_addr;
        proxy_set_header X-Forwarded-Proto $scheme;
    
        proxy_hide_header ETag;
        proxy_hide_header Via;
        proxy_hide_header X-Cache;
        proxy_hide_header X-Img-From;
        proxy_hide_header X-Powered-By;
        proxy_hide_header X-Squid-Error;
        proxy_hide_header X-Varnish;
    
        proxy_buffering off;
        proxy_buffer_size 128k;
        proxy_buffers 4 256k;
        proxy_busy_buffers_size 256k;
        proxy_intercept_errors on;
    
        proxy_connect_timeout 10;
    
        client_header_buffer_size 8k;
        client_max_body_size 64m;
        map_hash_bucket_size 64;
        types_hash_bucket_size 64;
        server_names_hash_bucket_size 256;
        server_names_hash_max_size 2048;
        variables_hash_bucket_size 128;
    
        server_tokens off;
    
        server {
            listen 80;
    
            location / {
                proxy_http_version 1.1;
                proxy_set_header Connection "";
                proxy_set_header Host "yb.dun.163.com";
                proxy_set_header X-Real-IP $remote_addr;
                proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
                proxy_set_header X-Isctc-Mode "tc-yb";
                proxy_pass http://yb.dun.163.com;
            }
        }
       
    }
    
    • 附3 香港Nginx.conf配置
    worker_processes  4;
    
    events {
        use epoll;
        worker_connections  1024;
        multi_accept on;
        accept_mutex off;
    }
    
    http {
        include mime.types;
        default_type application/octet-stream;
    
        
        sendfile on;
        tcp_nopush on;
    
        keepalive_timeout 5;
        tcp_nodelay on;
    
        gzip on;
        gzip_http_version 1.0;
        gzip_proxied any;
        gzip_types application/javascript application/x-javascript application/xml application/atom+xml text/css text/plain text/xml text/x-component text/javascript application/json;
        gzip_vary on;
    
        server_name_in_redirect off;
    
        proxy_set_header Host $host;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-From-IP $remote_addr;
        proxy_set_header X-Forwarded-Proto $scheme;
    
        proxy_hide_header ETag;
        proxy_hide_header Via;
        proxy_hide_header X-Cache;
        proxy_hide_header X-Img-From;
        proxy_hide_header X-Powered-By;
        proxy_hide_header X-Squid-Error;
        proxy_hide_header X-Varnish;
    
        proxy_buffering off;
        proxy_buffer_size 128k;
        proxy_buffers 4 256k;
        proxy_busy_buffers_size 256k;
        proxy_intercept_errors on;
    
        proxy_connect_timeout 10;
    
        client_header_buffer_size 8k;
        client_max_body_size 64m;
        map_hash_bucket_size 64;
        types_hash_bucket_size 64;
        server_names_hash_bucket_size 256;
        server_names_hash_max_size 2048;
        variables_hash_bucket_size 128;
    
        server_tokens off;
    
        server {
            listen 80;
    
            location / {
                proxy_http_version 1.1;
                proxy_set_header Connection "";
                proxy_set_header Host "ma.dun.163.com";
                proxy_set_header X-Real-IP $remote_addr;
                proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
                proxy_set_header X-Isctc-Mode "tc-ma";
                proxy_pass http://ma.dun.163.com;
            }
        }
    }
       
    

    自助式透传

    上报数据

    请求地址:http://yb.dun.163.com/api/v1/doubtful_msg

    请求方式:POST(HTTP/HTTPS)

    请求参数说明:

    body数据来源于客户端接口,需增加请求头参数。

    请求头参数说明:

    Key Value 字段说明
    Content-Type application/json 数据格式
    Content-ID [加密AppId] 加密AppId,计算方法参见示例代码encodeAppId
    public static String encodeAppId(String appId) {
        char[] charArray = appId.toCharArray();
        byte xorKey = (byte) 0x95;
    
        byte[] res = new byte[charArray.length];
        for (int i = 0; i < charArray.length; i++) {
            char c = charArray[i];
            res[i] = (byte) (c ^ xorKey);
            xorKey = (byte) c;
        }
    
        return new String(Base64.encodeBase64(res));
    }
    

    响应示例:

    {
        "msg": "ok!",
        "code": 200
    }
    

    响应参数说明:

    参数名称 类型 描述
    code int 响应码,表示响应结果是否正常,具体值详见【响应码】定义
    msg string 响应补充信息,正常响应时,该值为Null;异常情况时,表示异常说明

    其中,响应码枚举如下:

    code msg 备注
    200 OK! 数据校验通过,上报成功后的正常响应
    4401 Missing request parameters! 请求参数缺失,msg信息包含具体缺失字段
    4402 Illegal parameter format! 请求参数格式非法,msg信息包含具体非法字段
    5501 The request has been expired! 请求已过期(有效期默认60秒)
    5502 The data has been tampered! 数据被篡改
    5503 Duplicate Request Submission! 重复请求
    Online Chat Tel:95163223