跨脚本+Host拦截
web.xml配置
XssFilter
com.enation.eop.XssFilter
XssFilter
/*
XssSqlFilter
com.enation.eop.SessionFilter
XssSqlFilter
/*
ServletCGIFilter
com.enation.eop.ServletCGIFilter
ServletCGIFilter
/*
===========================================
package com.enation.eop;
import java.io.IOException;
import java.util.Iterator;
import java.util.Map;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.commons.lang.StringUtils;
import org.apache.log4j.Logger;
public class SessionFilter implements Filter{
private static Logger log = Logger.getLogger(SessionFilter.class);
public void destroy() {
}
public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain)
throws IOException, ServletException {
HttpServletRequest request = (HttpServletRequest) servletRequest;
HttpServletResponse response = (HttpServletResponse) servletResponse;
String requestStr = getRequestString(request);
System.out.println("requestStr: ======================== " + requestStr);
System.out.println("完整的地址是====" + request.getRequestURL().toString());
System.out.println("提交的方式是========" + request.getMethod());
log.info("requestStr: ======================== " + requestStr);
log.info("完整的地址是====" + request.getRequestURL().toString());
log.info("提交的方式是========" + request.getMethod());
if ("bingo".equals(guolv2(requestStr)) || "bingo".equals(guolv2(request.getRequestURL().toString()))) {
System.out.println("======访问地址发现非法字符,已拦截======");
log.info("======访问地址发现非法字符,已拦截======其非法地址为:" + guolv2(request.getRequestURL().toString()));
response.setStatus(403);
//response.sendRedirect(request.getContextPath() + "/login.jsp");
return;
}
// 主机ip和端口 或 域名和端口
String myhosts = request.getHeader("host");
if (!StringUtils.equals(myhosts, "192.168.0.177:8080")) {
System.out.println("======访问host非法,已拦截======其非法host为:" + myhosts);
log.info("======访问host非法,已拦截======其非法host为:" + myhosts);
response.setStatus(403);
//response.sendRedirect(request.getContextPath() + "/login.jsp"); // 或者response.setStatus(403);
return;
}
String currentURL = request.getRequestURI();
// add by wangsk 过滤请求特殊字符,扫描跨站式漏洞
Map parameters = request.getParameterMap();
if (parameters != null && parameters.size() > 0) {
for (Iterator iter = parameters.keySet().iterator(); iter.hasNext();) {
String key = (String) iter.next();
String[] values = (String[]) parameters.get(key);
for (int i = 0; i < values.length; i++) {
values[i] = guolv(values[i]);
System.out.println(values[i]);
}
}
}
filterChain.doFilter(servletRequest, servletResponse);
return;
}
public void init(FilterConfig filterConfig) throws ServletException {
}
public static String guolv(String a) {
a = a.replaceAll("%22", "");
a = a.replaceAll("%27", "");
a = a.replaceAll("%3E", "");
a = a.replaceAll("%3e", "");
a = a.replaceAll("%3C", "");
a = a.replaceAll("%3c", "");
a = a.replaceAll("<", "");
a = a.replaceAll(">", "");
a = a.replaceAll("\"", "");
a = a.replaceAll("'", "");
a = a.replaceAll("\\+", "");
a = a.replaceAll("\\(", "");
a = a.replaceAll("\\)", "");
a = a.replaceAll(" and ", "");
a = a.replaceAll(" or ", "");
a = a.replaceAll(" 1=1 ", "");
return a;
}
private String getRequestString(HttpServletRequest req) {
String requestPath = req.getServletPath().toString();
String queryString = req.getQueryString();
if (queryString != null)
return requestPath + "?" + queryString;
else
return requestPath;
}
public String guolv2(String a) {
if (StringUtils.isNotEmpty(a)) {
if (a.contains("%22") || a.contains("%3E") || a.contains("%3e") || a.contains("%3C") || a.contains("%3c")
|| a.contains("<") || a.contains(">") || a.contains("\"") || a.contains("'") || a.contains("+")
||a.contains(" and ") || a.contains(" or ") || a.contains("1=1") || a.contains("(")
|| a.contains(")")) {
return "bingo";
}
}
return a;
}
}
===========================================
package com.enation.eop;
import java.io.IOException;
import java.util.Map;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
public class ServletCGIFilter implements Filter{
@Override
public void init(FilterConfig filterConfig) throws ServletException {
// TODO Auto-generated method stub
}
@Override
public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain)
throws IOException, ServletException {
HttpServletRequest hReqest = (HttpServletRequest) request;
String referer=hReqest.getHeader("Referer");
Map map=hReqest.getParameterMap();
HttpServletResponse hResponse = (HttpServletResponse) response;
String queryString = hReqest.getQueryString();
if ( queryString != null && (queryString.contains("\\u0023") || this.queryStringHasCommond(queryString)) ){
hResponse.sendRedirect(hReqest.getContextPath() + "/404.jsp");
}else if(map.toString().contains("redirect")){
hResponse.sendRedirect(hReqest.getContextPath() + "/404.jsp");
}else{
chain.doFilter(request, response);
}
}
/**
*
* 描述:检测查询参数是否包含命令行
* @since
* @param queryString
* @return
*/
private boolean queryStringHasCommond(String queryString) {
String cmdModel = "^(action|redirect|redirectAction)(\\:|%3a).*$";
boolean matched = queryString.toLowerCase().matches(cmdModel);
return matched;
}
@Override
public void destroy() {
// TODO Auto-generated method stub
}
}
===========================================
package com.enation.eop;
import java.io.IOException;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import com.enation.eop.XssHttpServletRequestWrapper;
public class XssFilter implements Filter {
public void destroy() {
// TODO Auto-generated method stub
}
/**
* 过滤器用来过滤的方法
*/
public void doFilter(ServletRequest request, ServletResponse response,FilterChain chain) throws IOException, ServletException {
//包装request
XssHttpServletRequestWrapper xssRequest = new XssHttpServletRequestWrapper((HttpServletRequest) request);
chain.doFilter(xssRequest, response);
}
public void init(FilterConfig filterConfig) throws ServletException {
// TODO Auto-generated method stub
}
}===========================================
package com.enation.eop;
import java.util.Map;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletRequestWrapper;
public class XssHttpServletRequestWrapper extends HttpServletRequestWrapper {
HttpServletRequest orgRequest = null;
public XssHttpServletRequestWrapper(HttpServletRequest request) {
super(request);
}
/**
* 覆盖getParameter方法,将参数名和参数值都做xss过滤。
* 如果需要获得原始的值,则通过super.getParameterValues(name)来获取
* getParameterNames,getParameterValues和getParameterMap也可能需要覆盖
*/
@Override
public String getParameter(String name) {
String value = super.getParameter(xssEncode(name));
if (value != null) {
value = xssEncode(value);
}
return value;
}
@Override
public String[] getParameterValues(String name) {
String[] value = super.getParameterValues(name);
if(value != null){
for (int i = 0; i < value.length; i++) {
value[i] = xssEncode(value[i]);
}
}
return value;
}
@Override
public Map getParameterMap() {
// TODO Auto-generated method stub
return super.getParameterMap();
}
/**
* 覆盖getHeader方法,将参数名和参数值都做xss过滤。
* 如果需要获得原始的值,则通过super.getHeaders(name)来获取
* getHeaderNames 也可能需要覆盖
* 这一段代码在一开始没有注释掉导致出现406错误,原因是406错误是HTTP协议状态码的一种,
* 表示无法使用请求的内容特性来响应请求的网页。一般是指客户端浏览器不接受所请求页面的 MIME 类型。
*
*
**/
@Override
public String getHeader(String name) {
String value = super.getHeader(xssEncode(name));
if (value != null) {
value = xssEncode(value);
}
return value;
}
/**
* 将容易引起xss漏洞的半角字符直接替换成全角字符 在保证不删除数据的情况下保存
* @param s
* @return 过滤后的值
*/
private static String xssEncode(String value) {
if (value == null || value.isEmpty()) {
return value;
}
value = value.replaceAll("eval\\((.*)\\)", "");
value = value.replaceAll("[\\\"\\\'][\\s]*javascript:(.*)[\\\"\\\']", "\"\"");
value = value.replaceAll("(?i).*?", "");
value = value.replaceAll("(?i).*? ", "");
value = value.replaceAll("(?i)<.*?javascript:.*?>.*?", "");
value = value.replaceAll("(?i)<.*?\\s+on.*?>.*?", "");
return value;
}
}