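package com.wx.filter;

import com.wx.util.ConfKit;
import org.apache.log4j.Logger;

import javax.servlet.*;
import javax.servlet.annotation.WebFilter;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import java.io.IOException;

/**
 * Created by 123 on 2018-05-14
 *
 * <p>Servlet filter that rejects requests whose {@code Host} header is not on the
 * configured allowlist (property {@code okHost}), answering them with HTTP 403.
 * This keeps a forged Host value from reaching application code.
 */
@WebFilter(filterName = "HostFilter")
public class HostFilter implements Filter {
    public static Logger logger = Logger.getLogger(HostFilter.class);

    @Override
    public void destroy() {
    }

    /**
     * Checks the request's {@code Host} header against the {@code okHost} allowlist.
     *
     * <p>A request that carries a Host header which is not an exact allowlist entry is
     * answered with 403 and is not passed down the chain. A request with no Host header
     * at all is passed through, as before.
     *
     * @param req   incoming request; cast to {@link HttpServletRequest}
     * @param resp  outgoing response; cast to {@link HttpServletResponse}
     * @param chain remaining filter chain, invoked only when the check passes
     * @throws ServletException propagated from the rest of the chain
     * @throws IOException      propagated from the rest of the chain
     */
    @Override
    public void doFilter(ServletRequest req, ServletResponse resp, FilterChain chain)
            throws ServletException, IOException {
        HttpServletRequest request = (HttpServletRequest) req;
        HttpServletResponse response = (HttpServletResponse) resp;

        // Host header attack detection
        String requestHost = request.getHeader("host");
        // NOTE(review): this value is client-controlled and is logged before it is validated.
        logger.info("requestHost:" + requestHost);

        // Exact, whole-entry comparison. A substring test against the raw property would
        // accept any fragment of an allowed value (including an empty header), which
        // defeats the allowlist.
        if (requestHost != null && !isAllowedHost(requestHost, ConfKit.getProps("okHost"))) {
            response.setStatus(403);
            return;
        }
        chain.doFilter(req, resp);
    }

    @Override
    public void init(FilterConfig config) throws ServletException {
    }

    /**
     * Returns whether {@code requestHost} equals one entry of the allowlist, ignoring case.
     *
     * @param requestHost  value of the Host header
     * @param allowedHosts raw {@code okHost} property; treated as one host or several
     *                     separated by commas, semicolons or whitespace
     *                     (NOTE(review): confirm the separator used in deployed configs)
     * @return {@code true} only on an exact entry match; {@code false} when the property
     *         is missing or the header is blank, so a broken configuration fails closed
     */
    private static boolean isAllowedHost(String requestHost, String allowedHosts) {
        if (requestHost == null || allowedHosts == null) {
            return false;
        }
        String candidate = requestHost.trim();
        if (candidate.isEmpty()) {
            return false;
        }
        for (String allowed : allowedHosts.split("[,;\\s]+")) {
            if (!allowed.isEmpty() && allowed.equalsIgnoreCase(candidate)) {
                return true;
            }
        }
        return false;
    }
}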
其中 okHost 为允许的 Host 请求头取值,在测试环境下为:localhost:8080
转自:https://blog.csdn.net/ahuyangdong/article/details/79091699