Commit 178ba56f
Authored Nov 19, 2018 by 智布道
✨ Integrate braum to filter malicious requests
Parent: af422e1b
Showing 10 changed files with 159 additions and 5 deletions (+159 -5)
blog-core/pom.xml (+6 -0)
blog-core/src/main/java/com/zyd/blog/util/RequestUtil.java (+9 -1)
blog-web/src/main/java/com/zyd/blog/BlogWebApplication.java (+2 -0)
blog-web/src/main/java/com/zyd/blog/core/WebMvcConfig.java (+28 -0)
blog-web/src/main/java/com/zyd/blog/core/intercepter/BraumIntercepter.java (+55 -0)
blog-web/src/main/resources/application-dev.yml (+9 -0)
blog-web/src/main/resources/application-test.yml (+7 -0)
blog-web/src/main/resources/static/css/zhyd.core.css (+1 -1)
blog-web/src/main/resources/static/img/forbidden.jpg (+0 -0)
blog-web/src/main/resources/templates/error/403.ftl (+42 -3)
blog-core/pom.xml
...
...
@@ -190,5 +190,11 @@
</exclusion>
</exclusions>
</dependency>
<dependency>
<groupId>
me.zhyd.braum.spring.boot
</groupId>
<artifactId>
braum-spring-boot-starter
</artifactId>
<version>
1.0.0-alpha
</version>
</dependency>
</dependencies>
</project>
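Review bot: The new `braum-spring-boot-starter` dependency is pinned to `1.0.0-alpha`, a pre-release, and once the interceptor is registered on `/**` it sits in the path of nearly every request. Move to a stable release when one exists, or record why an alpha build is acceptable here; declaring the version in a `<properties>` entry would also make later upgrades a one-line change.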
blog-core/src/main/java/com/zyd/blog/util/RequestUtil.java
...
...
@@ -25,7 +25,6 @@ import javax.servlet.http.HttpServletRequest;
import
java.util.Enumeration
;
/**
*
* @author yadong.zhang (yadong.zhang0415(a)gmail.com)
* @version 1.0
* @website https://www.zhyd.me
...
...
@@ -75,4 +74,13 @@ public class RequestUtil {
return
request
.
getMethod
();
}
public
static
boolean
isAjax
(
HttpServletRequest
request
)
{
if
(
request
==
null
)
{
request
=
RequestHolder
.
getRequest
();
}
return
"XMLHttpRequest"
.
equalsIgnoreCase
(
request
.
getHeader
(
"X-Requested-With"
))
||
request
.
getParameter
(
"ajax"
)
!=
null
;
}
}
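Review bot: In `isAjax`, the fallback `request = RequestHolder.getRequest()` is dereferenced without a second null check, so a call made outside a request context throws a NullPointerException if the holder returns null; return false in that case. Both signals are client-controlled (the `X-Requested-With` header and any `ajax` parameter, even an empty one), and the new method has no Javadoc: add one stating that the result is only fit for choosing a response format, not for any access decision.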
blog-web/src/main/java/com/zyd/blog/BlogWebApplication.java
...
...
@@ -19,6 +19,7 @@
*/
package
com.zyd.blog
;
import
me.zhyd.braum.spring.boot.annotation.EnableBraumConfiguration
;
import
org.springframework.boot.SpringApplication
;
import
org.springframework.boot.autoconfigure.SpringBootApplication
;
import
org.springframework.boot.web.servlet.ServletComponentScan
;
...
...
@@ -36,6 +37,7 @@ import org.springframework.transaction.annotation.EnableTransactionManagement;
@SpringBootApplication
@ServletComponentScan
@EnableTransactionManagement
@EnableBraumConfiguration
public
class
BlogWebApplication
{
public
static
void
main
(
String
[]
args
)
{
...
...
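Review bot: `@EnableBraumConfiguration` on `BlogWebApplication` turns the filter on for every profile, but this commit only adds `braum.limit.access` settings to `application-dev.yml` and `application-test.yml`. Any other profile will run on whatever the starter defaults to; add the settings there as well, or put them in a shared configuration file, so the threshold in effect is explicit.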
blog-web/src/main/java/com/zyd/blog/core/WebMvcConfig.java
0 → 100644
package
com.zyd.blog.core
;
import
com.zyd.blog.core.intercepter.BraumIntercepter
;
import
org.springframework.beans.factory.annotation.Autowired
;
import
org.springframework.context.annotation.Configuration
;
import
org.springframework.web.servlet.config.annotation.InterceptorRegistry
;
import
org.springframework.web.servlet.config.annotation.WebMvcConfigurer
;
/**
* @author yadong.zhang (yadong.zhang0415(a)gmail.com)
* @version 1.0
* @website https://www.zhyd.me
* @date 2018/11/19 9:39
* @since 1.8
*/
@Configuration
public
class
WebMvcConfig
implements
WebMvcConfigurer
{
@Autowired
BraumIntercepter
braumIntercepter
;
@Override
public
void
addInterceptors
(
InterceptorRegistry
registry
)
{
registry
.
addInterceptor
(
braumIntercepter
)
.
excludePathPatterns
(
"/assets/**"
,
"/error/**"
,
"favicon.ico"
,
"/css/**"
,
"/js/**"
,
"/img/**"
)
.
addPathPatterns
(
"/**"
);
}
}
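Review bot: The exclude pattern `"favicon.ico"` in `addInterceptors` has no leading slash, unlike the other five patterns, so it will not match the request path `/favicon.ico` and favicon fetches will still pass through `BraumIntercepter` and count toward the limit; use `"/favicon.ico"`. `braumIntercepter` is also field-injected with package visibility; constructor injection into a `private final` field would be cleaner.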
blog-web/src/main/java/com/zyd/blog/core/intercepter/BraumIntercepter.java
0 → 100644
package
com.zyd.blog.core.intercepter
;
import
com.zyd.blog.util.RequestUtil
;
import
com.zyd.blog.util.ResultUtil
;
import
lombok.extern.slf4j.Slf4j
;
import
me.zhyd.braum.spring.boot.BraumProcessor
;
import
me.zhyd.braum.spring.boot.BraumResponse
;
import
org.springframework.beans.factory.annotation.Autowired
;
import
org.springframework.stereotype.Component
;
import
org.springframework.web.servlet.HandlerInterceptor
;
import
javax.servlet.http.HttpServletRequest
;
import
javax.servlet.http.HttpServletResponse
;
import
java.io.PrintWriter
;
import
java.util.concurrent.TimeUnit
;
/**
* braum,自动识别恶意请求
*
* @author yadong.zhang (yadong.zhang0415(a)gmail.com)
* @version 1.0
* @website https://www.zhyd.me
* @date 2018/11/19 9:24
* @since 1.8
*/
@Component
@Slf4j
public
class
BraumIntercepter
implements
HandlerInterceptor
{
private
static
final
int
SUCCESS
=
1
;
@Autowired
private
BraumProcessor
processor
;
@Override
public
boolean
preHandle
(
HttpServletRequest
request
,
HttpServletResponse
response
,
Object
handler
)
throws
Exception
{
BraumResponse
br
=
processor
.
process
(
request
);
if
(
br
.
getCode
()
==
SUCCESS
)
{
return
true
;
}
String
errorMsg
=
String
.
format
(
"第%s次被限制!"
,
br
.
getLimitCount
());
log
.
warn
(
errorMsg
);
if
(
RequestUtil
.
isAjax
(
request
))
{
response
.
setCharacterEncoding
(
"UTF-8"
);
response
.
setContentType
(
"text/html;charset=utf-8"
);
PrintWriter
writer
=
response
.
getWriter
();
writer
.
write
(
ResultUtil
.
error
(
errorMsg
).
toJson
());
writer
.
flush
();
writer
.
close
();
return
false
;
}
request
.
setAttribute
(
"errorMsg"
,
errorMsg
);
request
.
setAttribute
(
"expire"
,
TimeUnit
.
MILLISECONDS
.
toSeconds
(
br
.
getExpire
()));
request
.
getRequestDispatcher
(
"/error/403"
).
forward
(
request
,
response
);
return
false
;
}
}
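Review bot: In the AJAX branch of `preHandle`, the JSON from `ResultUtil.error(errorMsg).toJson()` is sent with content type `text/html;charset=utf-8` and no status is set, so a throttled client receives what looks like a normal 200 HTML response; set `application/json` and an explicit status such as 429 or 403. The `log.warn` call records only the limit count, so add the client address and request URI to make the entry usable when reviewing blocked traffic. `SUCCESS = 1` mirrors a value owned by the library; a short comment saying where it comes from would help.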
blog-web/src/main/resources/application-dev.yml
...
...
@@ -39,10 +39,19 @@ spring:
# logging settings
logging
:
path
:
/var/tmp/website-blog-web
####################################自定义配置##########################################
app
:
# 是否启用kaptcha验证码
enableKaptcha
:
false
# 创建网站的时间,用于计算已建站的天数,默认为2018-01-01
buildWebsiteDate
:
2018-01-01 00:00:00
# braum过滤器,用于过滤恶意请求
braum
:
limit
:
access
:
type
:
redis
threshold
:
15
interval
:
5000
####################################自定义配置##########################################
\ No newline at end of file
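Review bot: `threshold: 15` and `interval: 5000` under `braum.limit.access` carry no comment giving their meaning or unit; the only comment says what the filter is for. State the unit of `interval`, what happens when the threshold is exceeded, and what `type: redis` requires at runtime, so the values can be tuned without reading the starter's source.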
blog-web/src/main/resources/application-test.yml
...
...
@@ -38,6 +38,13 @@ spring:
# logging settings
logging
:
path
:
/var/tmp/website-blog-web
# braum过滤器,用于过滤恶意请求
braum
:
limit
:
access
:
type
:
redis
threshold
:
15
interval
:
5000
####################################自定义配置##########################################
app
:
# 是否启用kaptcha验证码
...
...
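Review bot: Here the `braum` block sits above the custom-configuration banner, while in `application-dev.yml` it sits inside the banner after `app`, and the three values are copied verbatim. Keep the placement consistent, or move the shared values into one common configuration file so the two profiles cannot drift apart.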
blog-web/src/main/resources/static/css/zhyd.core.css
...
...
@@ -2582,7 +2582,7 @@ nav a:first-child .meta-nav {
}
.forbidden
.left
img
{
width
:
35
0px
;
width
:
21
0px
;
-moz-box-shadow
:
10px
10px
20px
#eeeeee
;
-webkit-box-shadow
:
10px
10px
20px
#eeeeee
;
box-shadow
:
10px
10px
20px
#eeeeee
;
...
...
blog-web/src/main/resources/static/img/forbidden.jpg
0 → 100644
103.8 KB
blog-web/src/main/resources/templates/error/403.ftl
<#include "include/macros.ftl">
<@header title="Forbidden :("></@header>
<div class="container custome-container">
<div class="clearfix"></div>
<div class="row blog-main">
<div class="blog-body forbidden">
您已被禁止访问该页面!
<div class="blog-body forbidden" style="overflow: hidden;">
<div class="col-md-6 left">
<div class="error-container text-center">
<p class="text-center"><i class="fa fa-info-circle"></i><strong>系统检测到您的访问状态异常,已被临时限制访问!</strong></p>
<p class="forbidden-img"><img class="img-responsive center-block" src="${config.staticWebSite}/img/forbidden.jpg" alt="你已被拉入黑名单"></p>
<p class="text-center"><i class="fa fa-spinner fa-pulse fa-fw fa-2x"></i>系统将于 <em><span class="limit-expiration-time"></span></em>秒后解除限制</p>
</div>
</div>
<div class="col-md-6 right">
<blockquote class="pull-left">
<div class="bottom-line title"><i class="fa fa-question-circle-o"></i><strong>为什么会被限制?</strong></div>
<ol>
<li>1.快速的、频繁的、大量的刷新页面</li>
<li>2.疑是Spider</strong></li>
<li>3.系统抽风</li>
</ol>
<div class="clear"></div>
<div class="bottom-line title" style="margin-top: 2.5rem;"><i class="fa fa-question-circle-o"></i><strong>如何解除限制?</strong></div>
<ol>
<li>1.出门喝杯咖啡,一般来说回来的时候限制就被解除了 <i class="fa fa-coffee fa-2x"></i></li>
<li>2.文明上网,勿刷流量!</li>
<li>3.请联系<a target="_blank" href="javascript:void(0);" title="点击QQ联系我"onclick="window.open('tencent://message/?uin=${config.qq}&Site=www.${config.domain}&Menu=yes')" rel="external nofollow">网站管理员</a></strong></li>
</ol>
<div class="clear"></div>
</blockquote>
</div>
</div>
</div>
</div>
<@footer></@footer>
<@footer>
<script type="text/javascript">
var expire = parseInt('${expire?c}' || 60);
$(".limit-expiration-time").text(expire);
var timer = setInterval(function () {
if(expire <= 1){
window.clearInterval(timer);
window.location.reload();
} else {
$(".forbidden-img").toggleClass("shake");
$(".limit-expiration-time").text(expire = expire - 1);
}
}, 1000);
</script>
</@footer>
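Review bot: In the countdown script, `parseInt('${expire?c}' || 60)` relies on a JavaScript fallback that cannot run when `expire` is absent, because by default FreeMarker raises an error on the missing value while rendering, before the script exists. `/error/**` is excluded from the interceptor in `WebMvcConfig`, so this template can be reached without the `expire` attribute; give it a template-side default, for example `${(expire!60)?c}`. There are also stray `</strong>` closers with no opening tag in the "Spider" list item and in the administrator-contact list item.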