/**
 * Screens the request's origin-related headers against configured allow-lists
 * before handing control to the rest of the invocation chain.
 *
 * <p>The method sets {@code x-frame-options: SAMEORIGIN} on the response, then
 * rejects the request when a present {@code Referer}, {@code Host} or
 * {@code X-Forwarded-Host} header is not accepted by {@code isInclude}. It also
 * overwrites the {@code Server} response header before and after the invocation.
 *
 * @param action the invocation to continue when every header check passes
 * @return {@code "unauthorizedReferer"} or {@code "unauthorizedHost"} when a
 *         check fails, otherwise the result code returned by {@code action.invoke()}
 * @throws Exception whatever {@code action.invoke()} throws
 */
public String intercept(ActionInvocation action) throws Exception {
    final HttpServletRequest req = ServletActionContext.getRequest();
    final HttpServletResponse resp = ServletActionContext.getResponse();

    // Clickjacking defence: only same-origin pages may frame this response.
    resp.setHeader("x-frame-options", "SAMEORIGIN");

    // Reject a Referer that is not on the allow-list. A request that carries no
    // Referer at all passes this check, so it does not replace a CSRF token.
    // NOTE(review): isInclude is defined outside this view; confirm it compares
    // the parsed host exactly rather than matching a substring of the header.
    final String refererHeader = req.getHeader("Referer");
    if (refererHeader != null) {
        if (!isInclude(Authorize.REFERER_LIST, refererHeader)) {
            return "unauthorizedReferer";
        }
    }

    // Reject a Host or X-Forwarded-Host that is not on the allow-list, checked
    // in that order; an absent header is skipped.
    // NOTE(review): X-Forwarded-Host is client-supplied unless a trusted proxy
    // overwrites it; validating it here only helps if downstream code that
    // builds URLs reads the same header.
    for (String headerName : new String[] {"Host", "X-Forwarded-Host"}) {
        final String headerValue = req.getHeader(headerName);
        if (headerValue != null && !isInclude(Authorize.HOST_LIST, headerValue)) {
            return "unauthorizedHost";
        }
    }

    // Replace the Server banner with a placeholder value before the action runs.
    resp.setHeader("Server", "unknown1");
    final String outcome = action.invoke();
    // NOTE(review): this second write presumably has no effect if the response
    // was already committed during invoke(); confirm which value clients see.
    resp.setHeader("Server", "unknown2");
    return outcome;
}