透传接口文档

易盾智能反外挂透传接口,适用于恶意屏蔽反外挂IP和域名从而绕过反外挂服务的情况,反外挂服务透过游戏方服务器的中转与易盾安全实验室建立连接,易盾安全实验室的最新策略可顺利更新到游戏移动端。

接入场景

场景一: 游戏方服务器做数据转发,反外挂SDK通过游戏方域名或IP上报数据,客户除了提供部署的nginx服务器,无需进行额外开发,属于全量数据传输,接入请参考自动化透传。

场景二: 游戏方主动做数据转发,游戏方服务端通过调用反外挂SDK接口获取上报数据,再调用易盾安全实验室数据接收接口上报数据,客户控制数据传输,可根据业务需要选择性传输,接入请参考自助式透传。

自动化透传

  • 在游戏方部署(或使用已有)Nginx代理转发服务器
  • 易盾反外挂SDK,使用游戏方的域名,将数据上报到代理服务器,再转发给易盾服务器

image title

实施部署

  • 安装Nginx(可以使用已有Nginx服务)
  • 配置Nginxconf/nginx.conf,完整配置,见附录的nginx.conf
    • 请联系易盾反外挂开发对接人,确认选用配置文件:新加坡,或香港,或杭州的Nginx配置
    • 如果使用新安装Nginx,配置直接复制附录的nginx.conf
    • 如果使用已有Nginx,反向代理配置参考server部分,如图,具体见附录! image title
  • 申请域名,例如:ydt.somegame.com,根据Nginx配置,绑定到Nginx 80端口(见附录Nginx配置)

联调验证

  • 将申请的透传域名,告知易盾反外挂开发对接人
  • 测试透传链路是否正常:客户端发起请求 --> 透传代理服务器 --> 易盾数据接收服务

附录

  • 附1 新加坡Nginx.conf配置
worker_processes  4;

events {
    use epoll;
    worker_connections  1024;
    multi_accept on;
    accept_mutex off;
}

http {
    include mime.types;
    default_type application/octet-stream;

    
    sendfile on;
    tcp_nopush on;

    keepalive_timeout 5;
    tcp_nodelay on;

    gzip on;
    gzip_http_version 1.0;
    gzip_proxied any;
    gzip_types application/javascript application/x-javascript application/xml application/atom+xml text/css text/plain text/xml text/x-component text/javascript application/json;
    gzip_vary on;

    server_name_in_redirect off;

    proxy_set_header Host $host;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header X-From-IP $remote_addr;
    proxy_set_header X-Forwarded-Proto $scheme;


    proxy_hide_header ETag;
    proxy_hide_header Via;
    proxy_hide_header X-Cache;
    proxy_hide_header X-Img-From;
    proxy_hide_header X-Powered-By;
    proxy_hide_header X-Squid-Error;
    proxy_hide_header X-Varnish;

    proxy_buffering off;
    proxy_buffer_size 128k;
    proxy_buffers 4 256k;
    proxy_busy_buffers_size 256k;
    proxy_intercept_errors on;

    proxy_connect_timeout 10;

    client_header_buffer_size 8k;
    client_max_body_size 64m;
    map_hash_bucket_size 64;
    types_hash_bucket_size 64;
    server_names_hash_bucket_size 256;
    server_names_hash_max_size 2048;
    variables_hash_bucket_size 128;

    server_tokens off;

    server {
        listen 80;

        location / {
            proxy_http_version 1.1;
            proxy_set_header Connection "";
            proxy_set_header Host "xjp-yb.dun.163.com";
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_set_header X-Isctc-Mode "tc-xjp";
            proxy_pass http://xjp-yb.dun.163.com;
        }
    }   
}

  • 附2 杭州Nginx.conf配置
worker_processes  4;

events {
    use epoll;
    worker_connections  1024;
    multi_accept on;
    accept_mutex off;
}

http {
    include mime.types;
    default_type application/octet-stream;

    
    sendfile on;
    tcp_nopush on;

    keepalive_timeout 5;
    tcp_nodelay on;

    gzip on;
    gzip_http_version 1.0;
    gzip_proxied any;
    gzip_types application/javascript application/x-javascript application/xml application/atom+xml text/css text/plain text/xml text/x-component text/javascript application/json;
    gzip_vary on;

    server_name_in_redirect off;

    proxy_set_header Host $host;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header X-From-IP $remote_addr;
    proxy_set_header X-Forwarded-Proto $scheme;

    proxy_hide_header ETag;
    proxy_hide_header Via;
    proxy_hide_header X-Cache;
    proxy_hide_header X-Img-From;
    proxy_hide_header X-Powered-By;
    proxy_hide_header X-Squid-Error;
    proxy_hide_header X-Varnish;

    proxy_buffering off;
    proxy_buffer_size 128k;
    proxy_buffers 4 256k;
    proxy_busy_buffers_size 256k;
    proxy_intercept_errors on;

    proxy_connect_timeout 10;

    client_header_buffer_size 8k;
    client_max_body_size 64m;
    map_hash_bucket_size 64;
    types_hash_bucket_size 64;
    server_names_hash_bucket_size 256;
    server_names_hash_max_size 2048;
    variables_hash_bucket_size 128;

    server_tokens off;

    server {
        listen 80;

        location / {
            proxy_http_version 1.1;
            proxy_set_header Connection "";
            proxy_set_header Host "yb.dun.163.com";
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_set_header X-Isctc-Mode "tc-yb";
            proxy_pass http://yb.dun.163.com;
        }
    }
   
}
  • 附3 香港Nginx.conf配置
worker_processes  4;

events {
    use epoll;
    worker_connections  1024;
    multi_accept on;
    accept_mutex off;
}

http {
    include mime.types;
    default_type application/octet-stream;

    
    sendfile on;
    tcp_nopush on;

    keepalive_timeout 5;
    tcp_nodelay on;

    gzip on;
    gzip_http_version 1.0;
    gzip_proxied any;
    gzip_types application/javascript application/x-javascript application/xml application/atom+xml text/css text/plain text/xml text/x-component text/javascript application/json;
    gzip_vary on;

    server_name_in_redirect off;

    proxy_set_header Host $host;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header X-From-IP $remote_addr;
    proxy_set_header X-Forwarded-Proto $scheme;

    proxy_hide_header ETag;
    proxy_hide_header Via;
    proxy_hide_header X-Cache;
    proxy_hide_header X-Img-From;
    proxy_hide_header X-Powered-By;
    proxy_hide_header X-Squid-Error;
    proxy_hide_header X-Varnish;

    proxy_buffering off;
    proxy_buffer_size 128k;
    proxy_buffers 4 256k;
    proxy_busy_buffers_size 256k;
    proxy_intercept_errors on;

    proxy_connect_timeout 10;

    client_header_buffer_size 8k;
    client_max_body_size 64m;
    map_hash_bucket_size 64;
    types_hash_bucket_size 64;
    server_names_hash_bucket_size 256;
    server_names_hash_max_size 2048;
    variables_hash_bucket_size 128;

    server_tokens off;

    server {
        listen 80;

        location / {
            proxy_http_version 1.1;
            proxy_set_header Connection "";
            proxy_set_header Host "ma.dun.163.com";
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_set_header X-Isctc-Mode "tc-ma";
            proxy_pass http://ma.dun.163.com;
        }
    }
}
   

自助式透传

上报数据

请求地址:http://yb.dun.163.com/api/v1/doubtful_msg

请求方式:POST(HTTP/HTTPS)

请求参数说明:

body数据来源于客户端接口,需增加请求头参数。

请求头参数说明:

KeyValue字段说明
Content-Typeapplication/json数据格式
Content-ID[加密AppId]加密AppId,计算方法参见示例代码encodeAppId
public static String encodeAppId(String appId) {
    char[] charArray = appId.toCharArray();
    byte xorKey = (byte) 0x95;

    byte[] res = new byte[charArray.length];
    for (int i = 0; i < charArray.length; i++) {
        char c = charArray[i];
        res[i] = (byte) (c ^ xorKey);
        xorKey = (byte) c;
    }

    return new String(Base64.encodeBase64(res));
}

响应示例:

{
    "msg": "ok!",
    "code": 200
}

响应参数说明:

参数名称类型描述
codeint响应码,表示响应结果是否正常,具体值详见【响应码】定义
msgstring响应补充信息,正常响应时,该值为Null;异常情况时,表示异常说明

其中,响应码枚举如下:

codemsg备注
200OK!数据校验通过,上报成功后的正常响应
4401Missing request parameters!请求参数缺失,msg信息包含具体缺失字段
4402Illegal parameter format!请求参数格式非法,msg信息包含具体非法字段
5501The request has been expired!请求已过期(有效期默认60秒)
5502The data has been tampered!数据被篡改
5503Duplicate Request Submission!重复请求