Fixing a JS file leakage finding from a penetration test

Solution: filter the requests with a servlet Filter

import java.io.IOException;

import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

import org.apache.commons.lang3.StringUtils; // assumed; the original does not show which StringUtils it uses
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

// Filter for static resources. Map it to the JS paths (e.g. *.js) in web.xml or with @WebFilter; the mapping is not shown here.
public class StaticSourceFilter implements Filter {

    private static final Logger logger = LoggerFactory.getLogger(StaticSourceFilter.class);

    @Override
    public void init(FilterConfig filterConfig) throws ServletException {
    }

    @Override
    public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException {

        HttpServletRequest request = (HttpServletRequest) servletRequest;
        HttpServletResponse response = (HttpServletResponse) servletResponse;

        String path = request.getRequestURL().toString();
        logger.debug("path: {}", path);

        // A JS file typed directly into the address bar arrives without a Referer header.
        String referer = request.getHeader("Referer");
        if (StringUtils.isEmpty(referer)) {
            // Treat as direct access: end the request here without calling the chain
            // (the client receives an empty 200 response).
            return;
        }

        // Stop the browser from keeping a disk copy that a later direct visit could read from cache.
        response.addHeader("Cache-Control", "no-store");
        filterChain.doFilter(request, response);

    }

    @Override
    public void destroy() {

    }
}

1. Idea: when a JS file is requested directly by URL, the request carries no Referer header
2. Add the Cache-Control response header so that, after the first visit, the browser does not serve the file straight from its disk cache

response.addHeader("Cache-Control", "no-store");
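As an added example (not the page's code), a hardened variant of the same filter: the Referer is a client-supplied header and is omitted under many Referrer-Policy settings, so this version uses it only to reject requests whose Referer is missing or names another host, answers with an explicit 403 instead of an empty 200, and sets Cache-Control before any decision is made. The class name, the *.js mapping and reliance on Servlet 4.0's default init/destroy are assumptions.

```java
import java.io.IOException;
import java.net.URI;
import java.net.URISyntaxException;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.annotation.WebFilter;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

// Hypothetical hardened variant of the page's filter; class name and *.js mapping are assumptions.
// init() and destroy() are inherited as default methods (Servlet 4.0+).
@WebFilter(urlPatterns = "*.js")
public class SameOriginStaticFilter implements Filter {

    @Override
    public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
            throws IOException, ServletException {
        HttpServletRequest request = (HttpServletRequest) req;
        HttpServletResponse response = (HttpServletResponse) res;

        // Set before any decision, so the browser never keeps a reusable disk copy.
        response.setHeader("Cache-Control", "no-store");

        if (!refererMatchesRequestHost(request)) {
            // Explicit empty 403 instead of silently ending with an empty 200 body.
            response.setStatus(HttpServletResponse.SC_FORBIDDEN);
            response.setContentLength(0);
            return;
        }
        chain.doFilter(request, response);
    }

    // True only when a Referer is present and its host equals the host this request was sent to.
    static boolean refererMatchesRequestHost(HttpServletRequest request) {
        String referer = request.getHeader("Referer");
        if (referer == null || referer.isEmpty()) {
            return false;
        }
        try {
            String refererHost = new URI(referer).getHost();
            return refererHost != null && refererHost.equalsIgnoreCase(request.getServerName());
        } catch (URISyntaxException e) {
            return false; // a malformed Referer is treated as absent
        }
    }
}
```

Because both Referer and Host are chosen by the client, this only stops hotlinking and casual direct visits; anything that must stay secret should not be shipped in a public JS file at all.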
