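/**
 * Servlet filter that rejects GET requests under a {@code /wangwang} servlet path
 * whose query parameters contain path-traversal or script-like tokens.
 *
 * <p>Only GET requests are inspected, and only when the servlet path contains
 * {@code /wangwang}; every other request (including POST bodies) is passed
 * straight through to the chain. Each parameter value is tested with
 * {@link #checkGetMethodParams(String)}, a plain case-sensitive substring match.
 *
 * @author Leon
 */
@WebFilter(filterName = "WebFilter", urlPatterns = "/*")
class WebsFilter implements Filter {

    /** Injected but not referenced anywhere in this filter. */
    @Autowired
    private ILogsService logsService;

    /** Body written to the response when a parameter value is rejected. */
    private static final String REJECT_MESSAGE = "您所访问的页面请求中有违反安全规则元素存在,拒绝访问!";

    /**
     * Substrings whose presence in a parameter value causes rejection.
     * Matching is case-sensitive and substring-based, so ordinary words can trip
     * the batch-keyword entries (e.g. {@code "remove"} contains {@code "rem"}).
     */
    private static final String[] BLOCKED_SUBSTRINGS = {
        // dot-dot traversal sequences, raw and percent-encoded
        "../", "%2e%2e/", "%2e%2e%2f", "..\\", "..%2f", "..",
        // percent-encoded byte sequences carried over from the original list;
        // "%c0%9v" is not valid percent-encoding ('v' is not hex) and is kept
        // only to preserve the original matching behaviour
        "%c1%1c", "%c0%9v", "%c0%af",
        "..%5c../",
        // script / configuration file extensions
        ".bat", ".sh", ".cmd", ".ini",
        // batch-script tokens
        "::", "rem", "echo", "if not exist nul", "goto",
        // backslash, raw and percent-encoded
        "\\", "%5C",
    };

    /**
     * Initialisation hook; receives the filter's configuration. Nothing to set up here.
     */
    @Override
    public void init(FilterConfig config) throws ServletException {
        // no configuration is read
    }

    /** Called when the container destroys the filter; nothing to release. */
    @Override
    public void destroy() {
        // no resources held
    }

    /**
     * Inspects GET parameters of requests under {@code /wangwang} and either writes
     * the rejection message or continues the filter chain.
     *
     * @param request  incoming request; only {@link HttpServletRequest} instances are inspected
     * @param response response the rejection message is written to
     * @param chain    remaining filter chain
     * @throws IOException      if writing the response fails
     * @throws ServletException propagated from the chain
     */
    @Override
    public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain)
            throws ServletException, IOException {
        if (request instanceof HttpServletRequest) {
            HttpServletRequest httpRequest = (HttpServletRequest) request;
            String method = httpRequest.getMethod();
            String path = httpRequest.getServletPath();
            // Only GET requests below /wangwang are inspected. The null guard on path is
            // defensive; it is not expected to trigger with a spec-compliant container.
            if ("GET".equalsIgnoreCase(method) && path != null && path.contains("/wangwang")) {
                Enumeration<String> names = request.getParameterNames();
                while (names.hasMoreElements()) {
                    String name = names.nextElement();
                    // getParameter() returns only the first value of a repeated parameter,
                    // so a request like ?p=ok&p=../x would bypass the check; inspect every value.
                    String[] values = request.getParameterValues(name);
                    if (values == null) {
                        continue;
                    }
                    for (String value : values) {
                        // NOTE(review): this echoes every raw parameter value to stdout,
                        // so anything sensitive passed as a query parameter lands in the log.
                        System.out.println(name + "---" + value);
                        if (checkGetMethodParams(value)) {
                            reject(response);
                            return;
                        }
                    }
                }
            }
        }
        chain.doFilter(request, response);
    }

    /**
     * Writes the rejection message as a UTF-8 JSON-typed body. No HTTP error status
     * is set here; the response keeps whatever status the container defaults to.
     *
     * @param response response to write to
     * @throws IOException if the writer cannot be obtained
     */
    private static void reject(ServletResponse response) throws IOException {
        response.setCharacterEncoding("UTF-8");
        response.setContentType("application/json;charset=UTF-8");
        PrintWriter out = response.getWriter();
        out.write(REJECT_MESSAGE);
    }

    /**
     * Reports whether a parameter value contains any blocked substring (path-traversal
     * sequences, script extensions, batch keywords, backslashes). Matching is
     * case-sensitive, exactly as the original per-token checks were.
     *
     * @param param parameter value to inspect; {@code null} is treated as clean
     * @return {@code true} if the value should be rejected
     */
    public static boolean checkGetMethodParams(String param) {
        if (param == null) {
            return false;
        }
        for (String blocked : BLOCKED_SUBSTRINGS) {
            if (param.contains(blocked)) {
                return true;
            }
        }
        return false;
    }
}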
截图自:https://www.cnblogs.com/kelelipeng/p/11382404.html