kk-anti-reptile is an anti-crawler component for distributed systems developed on spring-boot
System Requirements
- Developed on spring-boot (spring-boot 1.x and spring-boot 2.x are both supported)
- Requires Redis
How it works
kk-anti-reptile filters requests with a Filter based on the Servlet specification. Internally it uses the spring-boot extension point mechanism to instantiate a Filter and register it in the Spring container's FilterRegistrationBean; Spring then registers it with the Servlet container, so that requests can be filtered.
Inside the kk-anti-reptile Filter, the different filtering rules are woven together with the chain of responsibility pattern. An abstract interface is provided so that the caller can extend the rules.
The Filter calls the rule chain to filter each request. If a request does not pass, it is intercepted, status code 509 is returned, and a verification code input page is output. Once the verification code has been entered correctly, the filter rule chain is called to reset the rules.
The rule chain currently contains the following two rules
ip-rule
ip-rule counts the requests made within the current time window. If the count is less than the specified maximum number of requests, the request passes; otherwise it does not pass. The time window, the maximum number of requests and the IP whitelist are all configurable.
ua-rule
ua-rule examines the User-Agent carried by the request to obtain the operating system, device information, browser information and so on. Each of these dimensions can be configured to filter requests.
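The rule chain and the ip-rule described above, sketched as an added example (not code from kk-anti-reptile): the chain answers 509 on the first rule hit, and the ip-rule is a fixed-window counter using a 5000 ms window, a 20-request maximum and a whitelist with a trailing '*' wildcard. All class and method names are hypothetical, and an in-memory map stands in for Redis.

```java
import java.util.*;
import java.util.concurrent.ConcurrentHashMap;

// Added illustration, not kk-anti-reptile source; every class and method name is hypothetical.
public class RuleChainDemo {
    interface Rule {                          // one link of the chain
        boolean hit(String ip, long nowMs);   // true = block this request
        void reset(String ip);                // called after a correct verification code
    }
    // ip-rule as a fixed-window counter; an in-memory map stands in for Redis (assumption).
    static class IpRule implements Rule {
        final long windowMs; final int maxRequests; final List<String> ignoreIp;
        final Map<String, long[]> state = new ConcurrentHashMap<>(); // ip -> {windowStart, count}

        IpRule(long windowMs, int maxRequests, String ignoreIpCsv) {
            this.windowMs = windowMs; this.maxRequests = maxRequests;
            this.ignoreIp = Arrays.asList(ignoreIpCsv.split(","));
        }
        boolean whitelisted(String ip) {      // exact match, or prefix match for a trailing '*'
            for (String p : ignoreIp) {
                boolean match = p.endsWith("*")
                        ? ip.startsWith(p.substring(0, p.length() - 1)) : ip.equals(p);
                if (match) return true;
            }
            return false;
        }
        public boolean hit(String ip, long nowMs) {
            if (whitelisted(ip)) return false;
            // Start a new window when none exists or the old one expired, else increment.
            long[] s = state.compute(ip, (k, v) -> (v == null || nowMs - v[0] >= windowMs)
                    ? new long[]{nowMs, 1} : new long[]{v[0], v[1] + 1});
            return s[1] - 1 >= maxRequests;   // passes while earlier requests in the window < max
        }
        public void reset(String ip) { state.remove(ip); }
    }

    static int filter(List<Rule> chain, String ip, long nowMs) { // 509 on the first rule hit
        for (Rule r : chain) { if (r.hit(ip, nowMs)) return 509; }
        return 200;
    }

    public static void main(String[] args) {
        List<Rule> chain = Arrays.<Rule>asList(new IpRule(5000, 20, "192.168.*,127.0.0.1"));
        String ip = "203.0.113.7";            // constructed sample address
        for (int i = 0; i < 20; i++) filter(chain, ip, 1000 + i);   // 20 requests in one window
        System.out.println("21st request in the window: " + filter(chain, ip, 1020));
        System.out.println("whitelisted address: " + filter(chain, "192.168.1.9", 1020));
        chain.forEach(r -> r.reset(ip));      // verification code entered correctly
        System.out.println("after reset: " + filter(chain, ip, 1030));
    }
}
```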
After a rule is hit
When a crawler or anti-abuse rule is hit, the request is blocked and a verification code for lifting the block is generated. The verification code comes in several combinations; if the client enters the correct verification code, access can continue.
The verification code takes three forms: Chinese characters, English letters plus digits, and simple arithmetic. Each form comes in two image formats, static image and animated GIF, so there are currently six types in total. All types appear at random, and recognizing them with current technical means is extremely difficult, which effectively prevents large-scale crawling of data.
Integration
Back-end integration is very simple: add the kk-anti-reptile maven dependency and enable kk-anti-reptile in the configuration.
Add the maven dependency
```xml
<dependency>
    <groupId>cn.keking.project</groupId>
    <artifactId>kk-anti-reptile</artifactId>
    <version>1.0.0-SNAPSHOT</version>
</dependency>
```
Enable kk-anti-reptile in the configuration
anti.reptile.manager.enabled=true
The front end needs to add an interceptor at the place where Ajax requests are sent centrally. When a response with status code 509 is intercepted, open a new page, write the response content into that page, and then pass the back-end interface baseUrl parameter into the page. Using axios requests as an example:
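```javascript
import axios from 'axios';
import {baseUrl} from './config';

axios.interceptors.response.use(
  data => {
    return data;
  },
  error => {
    // error.response is undefined for network errors, so check it first
    if (error.response && error.response.status === 509) {
      // The 509 body is the verification code page; show it in a new window
      let html = error.response.data;
      let verifyWindow = window.open("", "_blank", "height=400,width=560");
      verifyWindow.document.write(html);
      // Pass the back-end base URL into the verification page
      verifyWindow.document.getElementById("baseUrl").value = baseUrl;
    }
    // Keep the promise rejected so callers still see the failure
    return Promise.reject(error);
  }
);

export default axios;
```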
Notes
- apollo-client needs bootstrap enabled
For users of the Apollo configuration center: because the component uses @ConditionalOnProperty internally, the following sample configuration must be added to application.properties/bootstrap.properties (apollo-client 0.10.0 or above is required). See the Apollo documentation on bootstrap for details.
apollo.bootstrap.enabled = true
- A Redisson connection is required
If the project already uses Redisson, kk-anti-reptile obtains the RedissonClient instance automatically; if it does not, add the following Redisson connection configuration to the configuration file
```properties
spring.redisson.address=redis://192.168.1.204:6379
spring.redisson.password=xxx
```
Configuration list
In spring-boot, every configuration item has automatic hints and descriptions in the configuration file.
All configuration items use the anti.reptile.manager prefix. The table below lists every configuration item with its description.
Name | Description | Default | Example |
---|---|---|---|
enabled | Whether to enable the anti-crawler plug-in | true | true |
include-urls | List of interfaces that need anti-crawler protection, each beginning with '/', separated by ',' | empty | /client,/user |
ip-rule.enabled | Whether to enable the IP rule | true | true |
ip-rule.expiration-time | Time window length (ms) | 5000 | 5000 |
ip-rule.request-max-size | Maximum number of requests within a single time window | 20 | 20 |
ip-rule.ignore-ip | IP whitelist, supports a trailing '*' wildcard, separated by ',' | empty | 192.168.*,127.0.0.1 |
ua-rule.enabled | Whether to enable the User-Agent rule | true | true |
ua-rule.allowed-linux | Whether to allow access from Linux systems | false | false |
ua-rule.allowed-mobile | Whether to allow access from mobile devices | true | true |
ua-rule.allowed-pc | Whether to allow access from PC devices | true | true |
ua-rule.allowed-iot | Whether to allow access from Internet of Things devices | false | false |
ua-rule.allowed-proxy | Whether to allow access through a proxy | false | false |