1

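To avoid reinventing the wheel: are there any example Java EE servlet filters that take care of some basic security checks, i.e.

  • Block web requests for a time period if a rootkit hits the server, i.e. with a URL that ends in .exe or contains "../../.."
  • Throttle or block IPs that are making a high number of requests.

I've also wondered whether an equivalent of a Thread.sleep(1000); in the servlet filter for those particular types of requests wouldn't be a bad thing.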

4

1 Answer

4

Maybe this will help.

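    import java.io.IOException;

    import javax.servlet.Filter;
    import javax.servlet.FilterChain;
    import javax.servlet.FilterConfig;
    import javax.servlet.ServletException;
    import javax.servlet.ServletRequest;
    import javax.servlet.ServletResponse;
    import javax.servlet.http.HttpServletRequest;
    import javax.servlet.http.HttpServletResponse;

    public class SuspiciousURLFilter implements Filter {

        @Override
        public void destroy() {
        }

        @Override
        public void doFilter(ServletRequest request, ServletResponse response,
                FilterChain filterChain) throws IOException, ServletException {

            HttpServletRequest httpRequest = (HttpServletRequest) request;
            String requestURI = httpRequest.getRequestURI();

            if (requestURI.endsWith(".exe")) {

                HttpServletResponse httpResponse = (HttpServletResponse) response;
                // send error or maybe redirect to some error page
                httpResponse.sendError(HttpServletResponse.SC_BAD_REQUEST);
                // stop here: the response is committed, so the request
                // must not continue down the filter chain
                return;
            }

            filterChain.doFilter(request, response);
        }

        @Override
        public void init(FilterConfig config) throws ServletException {
        }
    }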

In your web.xml:

    <filter>
        <filter-name>SuspiciousURLFilter</filter-name>
        <filter-class>your.package.SuspiciousURLFilter</filter-class>
    </filter>

    <filter-mapping>
        <filter-name>SuspiciousURLFilter</filter-name>
        <url-pattern>/*</url-pattern>
    </filter-mapping>
answered 2013-08-23T05:11:19.560
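The answer's filter covers only the `.exe` suffix; the following added example (not part of the answer or of any library) extends the same pattern to the question's other two points, the `..` path check and per-IP throttling. The class name `RequestGuardFilter` and the limit and window values are assumptions, and the code assumes the `javax.servlet` API and Java 8.

```java
import java.io.IOException;
import java.util.Locale;
import java.util.concurrent.ConcurrentHashMap;
import java.util.concurrent.atomic.AtomicInteger;
import javax.servlet.*;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

// Hypothetical filter: name, limit and window are assumptions for illustration.
public class RequestGuardFilter implements Filter {
    private static final int MAX_REQUESTS = 100;       // assumed per-client limit per window
    private static final long WINDOW_MILLIS = 60_000L; // assumed window length

    private final ConcurrentHashMap<String, AtomicInteger> counts = new ConcurrentHashMap<>();
    private volatile long windowStart = System.currentTimeMillis();

    // getRequestURI() is not percent-decoded by the container, so encoded dots
    // are normalised first. Handles single-level encoding only.
    static boolean isSuspicious(String uri) {
        String u = uri.toLowerCase(Locale.ROOT).replace("%2e", ".");
        return u.endsWith(".exe") || u.contains("..");
    }

    // Fixed-window counter keyed by client address. A racy window reset can only
    // loosen the limit briefly; it never blocks a client that is under the limit.
    private boolean overLimit(String clientIp) {
        long now = System.currentTimeMillis();
        if (now - windowStart >= WINDOW_MILLIS) {
            windowStart = now;
            counts.clear();
        }
        return counts.computeIfAbsent(clientIp, k -> new AtomicInteger())
                     .incrementAndGet() > MAX_REQUESTS;
    }

    @Override
    public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain)
            throws IOException, ServletException {
        HttpServletRequest req = (HttpServletRequest) request;
        HttpServletResponse res = (HttpServletResponse) response;
        if (isSuspicious(req.getRequestURI())) {
            res.sendError(HttpServletResponse.SC_BAD_REQUEST);
            return; // do not pass the request down the chain
        }
        if (overLimit(req.getRemoteAddr())) {
            res.sendError(429); // Too Many Requests; javax.servlet has no SC_ constant for it
            return;
        }
        chain.doFilter(request, response);
    }

    @Override public void init(FilterConfig config) {}
    @Override public void destroy() {}
}
```

It returns the error immediately instead of calling `Thread.sleep`, because a sleeping filter holds a container request thread for the whole delay. Behind a reverse proxy, `getRemoteAddr()` returns the proxy's address, so the client key would have to come from a trusted forwarding header instead.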