Example Servlet Filter that catches and blocks IPs that request suspicious URLs
Problem description
To avoid re-developing the wheel: are there any example Java EE servlet filters that take care of some basic security checks, i.e.
- Block web requests for a period of time if a rootkit hits the server, i.e. with a URL that ends in .exe or contains "../../.."
- Throttle or block IPs that are making an unexpectedly high number of requests.
I also wonder if something equivalent to a Thread.sleep(1000); in the servlet filter for those particular types of requests wouldn't be such a bad thing.
Recommended answer
Maybe this would help.
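import java.io.IOException;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

public class SuspiciousURLFilter implements Filter {
    @Override
    public void destroy() {
    }

    @Override
    public void doFilter(ServletRequest request, ServletResponse response,
            FilterChain filterChain) throws IOException, ServletException {
        HttpServletRequest httpRequest = (HttpServletRequest) request;
        String requestURI = httpRequest.getRequestURI();
        if (requestURI.endsWith(".exe")) {
            HttpServletResponse httpResponse = (HttpServletResponse) response;
            // send error or maybe redirect to some error page
            httpResponse.sendError(HttpServletResponse.SC_BAD_REQUEST);
            // stop here: the response is committed, so the rest of the chain must not run
            return;
        }
        filterChain.doFilter(request, response);
    }

    @Override
    public void init(FilterConfig config) throws ServletException {
    }
}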
In your web.xml:
<filter>
    <filter-name>SuspiciousURLFilter</filter-name>
    <filter-class>your.package.SuspiciousURLFilter</filter-class>
</filter>
<filter-mapping>
    <filter-name>SuspiciousURLFilter</filter-name>
    <url-pattern>/*</url-pattern>
</filter-mapping>
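The question also asks for blocking an IP for a period of time and for throttling heavy clients, which the filter above does not do. The following is an added example, not part of the original answer: a standalone class (the name IpGuard, the limits and the sample requests are assumptions) whose allow() method a filter's doFilter could call with request.getRemoteAddr() and getRequestURI().

```java
import java.net.URLDecoder;
import java.nio.charset.StandardCharsets;
import java.util.Locale;
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;

// Added example, not from the answer: class name, limits and sample requests are assumptions.
public class IpGuard {
    static final long BLOCK_MS = 10 * 60_000L; // assumed: block an offending IP for 10 minutes
    static final long WINDOW_MS = 60_000L;     // assumed: rate window of one minute
    static final int MAX_PER_WINDOW = 100;     // assumed: request budget per window

    private static final class State { long windowStart; int count; long blockedUntil; }
    private final Map<String, State> states = new ConcurrentHashMap<>();

    // Matches the question's patterns. getRequestURI() is not percent-decoded, so decode first.
    static boolean isSuspicious(String rawUri) {
        String uri;
        try {
            uri = URLDecoder.decode(rawUri, StandardCharsets.UTF_8).toLowerCase(Locale.ROOT);
        } catch (IllegalArgumentException malformedEscape) {
            return true; // malformed percent-encoding is treated as suspicious
        }
        return uri.endsWith(".exe") || uri.contains("../") || uri.contains("..\\");
    }

    // True if the request may proceed; a filter would send an error and return when false.
    boolean allow(String ip, String rawUri, long now) {
        State s = states.computeIfAbsent(ip, k -> new State());
        synchronized (s) {
            if (now < s.blockedUntil) return false;          // still inside the block period
            if (now - s.windowStart >= WINDOW_MS) { s.windowStart = now; s.count = 0; }
            if (isSuspicious(rawUri) || ++s.count > MAX_PER_WINDOW) {
                s.blockedUntil = now + BLOCK_MS;             // start the block period
                return false;
            }
            return true;
        }
    }

    public static void main(String[] args) {
        IpGuard guard = new IpGuard();
        String ip = "203.0.113.7"; // constructed sample address (documentation range)
        System.out.println("normal page:      " + guard.allow(ip, "/index.jsp", 0));
        System.out.println("encoded ../:      " + guard.allow(ip, "/a/%2e%2E/%2e%2e/x", 1_000));
        System.out.println("during block:     " + guard.allow(ip, "/index.jsp", 2_000));
        System.out.println("after block ends: " + guard.allow(ip, "/index.jsp", 1_000 + BLOCK_MS));
    }
}
```

The map is never pruned here, so a real deployment would evict idle entries to keep memory bounded. Behind a reverse proxy, getRemoteAddr() returns the proxy's address, so the client IP has to come from a source the proxy is trusted to set.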