
Implementing whitelist-authorized access to open interfaces with the UnknownRefererSecurityFilter filter, to prevent content from being scraped

Tags: filter, java, filter, blacklist, security, policy, hotlinking, anti-scraping, crawling, header, configuration     Published: 2016-08-24

I. Preface

I recently found that the site's content could be scraped directly through its open interfaces, a security risk, so I wrote a security filter, UnknownRefererSecurityFilter, that allows only whitelisted domains to connect to the site and fetch content directly. I also wrote an earlier article on preventing hotlinking of the related pages, which you can refer to. The feature is now live, and the test result is shown in the figure below.

[Figure: whitelist-authorized access to open interfaces via the UnknownRefererSecurityFilter filter, preventing content scraping]

II. Code examples

1. The UnknownRefererSecurityFilter class is shown below

package com.xwood.search.security;

import java.io.IOException;
import java.io.PrintWriter;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

public class UnknownRefererSecurityFilter implements Filter {

    /** Whitelist: a request passes if its Referer header contains one of these strings. */
    private static final String[] whiteLists = {"xwood.net", "139.196.30.182"};

    @Override
    public void init(FilterConfig filterConfig) throws ServletException {
        // nothing to initialise
    }

    /** True if the Referer header contains the whitelist entry s_index anywhere (plain substring match). */
    private boolean filterHeaderByWhiteLists(HttpServletRequest hreq, String s_index) {
        return hreq.getHeader("Referer").indexOf(s_index) != -1;
    }

    /**
     * Whitelist check: a request with no Referer, or whose Referer matches no
     * whitelist entry, is rejected.
     * @param hreq the current request
     * @return true if the request is allowed through
     */
    private boolean filterHeaderRefer(HttpServletRequest hreq) {
        if (null == hreq.getHeader("Referer")) {
            return false;
        }
        for (String s : whiteLists) {
            if (filterHeaderByWhiteLists(hreq, s))
                return true;
        }
        return false;
    }

    @Override
    public void doFilter(ServletRequest request, ServletResponse response,
            FilterChain chain) throws IOException, ServletException {
        HttpServletRequest hreq = (HttpServletRequest) request;
        HttpServletResponse hres = (HttpServletResponse) response;
        boolean isAllowed = filterHeaderRefer(hreq); // stop non-whitelisted sites from scraping this site's content via search
        if (isAllowed) {
            chain.doFilter(request, response);
        } else {
            hres.setStatus(HttpServletResponse.SC_FORBIDDEN); // reject with 403 rather than a 200 page
            PrintWriter out = hres.getWriter();
            out.println("Illegal access!!!");
        }
    }

    @Override
    public void destroy() {
    }

}

2. Configure the filter

    <filter>
        <filter-name>unknownRefererSecurityFilter</filter-name>
        <filter-class>com.xwood.search.security.UnknownRefererSecurityFilter</filter-class>
    </filter>
    <filter-mapping>
        <filter-name>unknownRefererSecurityFilter</filter-name>
        <url-pattern>/*</url-pattern>
    </filter-mapping>
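A host-based variant of the check, added here as an example and not part of the original post: it parses the Referer with java.net.URI and passes a request only when the host equals a whitelist entry or is a subdomain of one, which a plain substring match over the whole URL does not guarantee. The class and method names are assumptions; since the Referer header is set by the client, this variant, like the original, only deters browser-driven hotlinking, not a client that chooses its own headers.

```java
import java.net.URI;
import java.net.URISyntaxException;
import java.util.Arrays;
import java.util.List;
import java.util.Locale;

public class RefererHostCheck {

    // Same whitelist as the post, but treated as host names rather than substrings.
    private static final List<String> ALLOWED_HOSTS = Arrays.asList("xwood.net", "139.196.30.182");

    /** Host part of a Referer value, lower-cased; null if absent or not a parseable URL. */
    static String refererHost(String referer) {
        if (referer == null || referer.trim().isEmpty()) return null;
        try {
            String host = new URI(referer.trim()).getHost();
            return host == null ? null : host.toLowerCase(Locale.ROOT);
        } catch (URISyntaxException e) {
            return null;
        }
    }

    /** Allowed only if the host is exactly a whitelist entry or a subdomain of one. */
    static boolean isAllowedReferer(String referer) {
        String host = refererHost(referer);
        if (host == null) return false;
        for (String allowed : ALLOWED_HOSTS) {
            if (host.equals(allowed) || host.endsWith("." + allowed)) return true;
        }
        return false;
    }

    public static void main(String[] args) {
        // Constructed sample Referer values; the three "deny" URLs would be accepted by a plain substring match.
        String[] samples = {
            "http://xwood.net/search?q=java",            // allow: exact host
            "https://www.xwood.net/page.html",           // allow: subdomain
            "http://xwood.net.example.org/",             // deny: host merely starts with the entry
            "http://example.org/?next=http://xwood.net", // deny: entry appears only in the query string
            "http://139.196.30.182.example.org/",        // deny: same pattern with the IP entry
            null                                         // deny: no Referer header at all
        };
        for (String s : samples) {
            System.out.println((s == null ? "(none)" : s) + " -> " + (isAllowedReferer(s) ? "allow" : "deny"));
        }
    }
}
```

To use it in the filter, replace the body of filterHeaderRefer with a call to isAllowedReferer(hreq.getHeader("Referer")).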