DoS (denial-of-service) attacks generally work by crafting special input that makes backend processing take far longer than normal. As more and more such requests arrive, the backend service becomes increasingly overwhelmed, eventually exhausts its resources, and can no longer accept new requests, which results in a denial of service.
Examples of special input: passing a very large pageSize in a paginated query, or passing a very large collection as the input parameter.
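For the former, write a common function that checks pageSize and enforces a reasonable range. The latter usually arrives in a POST request, so a filter can be used to handle all incoming requests. Sample code, based on some reference material, is as follows: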
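import java.io.IOException;
import java.util.Arrays;
import java.util.Collections;
import java.util.List;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.stereotype.Component;

@Component
public class BodySizeLimitFilter implements Filter {
    // HTTP methods that may carry a request body
    private static final List<String> METHODS_WITH_BODY =
            Collections.unmodifiableList(Arrays.asList("POST", "PUT", "OPTIONS", "DELETE", "PATCH"));
    private static final String CONTENT_LENGTH_HEADER = "Content-Length";
    private static final int TOO_LARGE_STATUS = 413;

    // Maximum accepted body size in bytes; defaults to 4096 when reqbody.maxsize is not set
    @Value("${reqbody.maxsize:4096}")
    private long contentLengthLimit;

    @Override
    public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain)
            throws IOException, ServletException {
        HttpServletRequest httpServletRequest = (HttpServletRequest) request;
        HttpServletResponse httpResponse = (HttpServletResponse) response;
        // Methods without a body pass straight through
        if (!METHODS_WITH_BODY.contains(httpServletRequest.getMethod())) {
            chain.doFilter(httpServletRequest, httpResponse);
            return;
        }
        long contentSize = getContentLength(httpServletRequest);
        if (contentSize > contentLengthLimit) {
            // Declared body is larger than the limit: reject with 413
            resetRespAndSetStatus(httpResponse, TOO_LARGE_STATUS);
        } else {
            chain.doFilter(request, response);
        }
    }

    private void resetRespAndSetStatus(HttpServletResponse response, int status) {
        response.reset();
        response.setStatus(status);
    }

    // Reads the declared size from the Content-Length header; 0 if absent or malformed
    private long getContentLength(HttpServletRequest httpRequest) {
        String contentLength = httpRequest.getHeader(CONTENT_LENGTH_HEADER);
        return safeToLong(contentLength, 0);
    }

    // safeToLong is called above but not shown on the page; this is a minimal assumed implementation
    private static long safeToLong(String value, long defaultValue) {
        if (value == null) {
            return defaultValue;
        }
        try {
            return Long.parseLong(value.trim());
        } catch (NumberFormatException e) {
            return defaultValue;
        }
    }
}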
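The filter above trusts the Content-Length header, so a request sent with chunked transfer encoding (which carries no Content-Length) is treated as size 0 and passes the check. The following wrapper is an added example, not code from the original page: it counts the bytes actually read from the body and fails once the limit is exceeded. The class name SizeLimitedRequest and the javax.servlet namespace are assumptions.

```java
import java.io.BufferedReader;
import java.io.IOException;
import java.io.InputStreamReader;
import javax.servlet.ReadListener;
import javax.servlet.ServletInputStream;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletRequestWrapper;

// Added example (hypothetical class): enforces the body limit on bytes actually read.
public class SizeLimitedRequest extends HttpServletRequestWrapper {
    private final long limit;
    private ServletInputStream limited; // created once so the count survives repeated calls

    public SizeLimitedRequest(HttpServletRequest request, long limit) {
        super(request);
        this.limit = limit;
    }

    @Override
    public ServletInputStream getInputStream() throws IOException {
        if (limited == null) {
            final ServletInputStream in = super.getInputStream();
            limited = new ServletInputStream() {
                private long count;
                // Adds n bytes to the running total and aborts the read past the limit
                private int account(int n) throws IOException {
                    if (n > 0 && (count += n) > limit) {
                        throw new IOException("request body exceeds " + limit + " bytes");
                    }
                    return n;
                }
                @Override public int read() throws IOException {
                    int b = in.read();
                    account(b < 0 ? 0 : 1);
                    return b;
                }
                @Override public int read(byte[] buf, int off, int len) throws IOException {
                    return account(in.read(buf, off, len));
                }
                @Override public boolean isFinished() { return in.isFinished(); }
                @Override public boolean isReady() { return in.isReady(); }
                @Override public void setReadListener(ReadListener l) { in.setReadListener(l); }
            };
        }
        return limited;
    }

    @Override // route getReader() through the counted stream as well
    public BufferedReader getReader() throws IOException {
        String enc = getCharacterEncoding();
        return new BufferedReader(new InputStreamReader(getInputStream(), enc != null ? enc : "ISO-8859-1"));
    }
}
```

To use it, the filter would pass `new SizeLimitedRequest(httpServletRequest, contentLengthLimit)` to `chain.doFilter` instead of the raw request. Translating the resulting IOException into a 413 response is left to the application's error handling.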