示例Servletfilter捕获并阻止请求可疑URL的IP
避免重新开发车轮。 是否有任何示例Java EE servletfilter负责一些基本的安全检查/即
- 如果rootkit命中服务器,则阻止Web请求一段时间,即使用以.exe结尾或包含“../../ ..”的URL。
- 限制或阻止正在发出意外大量请求的IP。
我也想知道是否有类似于Thread.sleep(1000); 在servletfilter中对那些特定类型的请求不会是一件坏事。
也许这会有所帮助。
public class SuspiciousURLFilter implements Filter { @Override public void destroy() { } @Override public void doFilter(ServletRequest request, ServletResponse response, FilterChain filterChain) throws IOException, ServletException { HttpServletRequest httpRequest = (HttpServletRequest) request; String requestURI = httpRequest.getRequestURI(); if (requestURI.endsWith(".exe")) { HttpServletResponse httpResponse = (HttpServletResponse) response; //send error or maybe redirect to some error page httpResponse.sendError(HttpServletResponse.SC_BAD_REQUEST); } filterChain.doFilter(request, response); } @Override public void init(FilterConfig config) throws ServletException { } }
在您的web.xml中:
suspiciousURLFilter your.package.SuspiciousURLFilter SuspiciousURLFilter /*