支持指定获取客户端IP的Header名称,防止IP伪造。

This commit is contained in:
thinkgem
2018-08-09 23:19:42 +08:00
parent 0e67815b8d
commit f91bb55f38
3 changed files with 22 additions and 12 deletions


@@ -2,7 +2,8 @@ package com.jeesite.common.network;
import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletRequest;
import com.jeesite.common.lang.ObjectUtils; import com.jeesite.common.codec.EncodeUtils;
import com.jeesite.common.io.PropertiesUtils;
import com.jeesite.common.lang.StringUtils; import com.jeesite.common.lang.StringUtils;
public class IpUtils { public class IpUtils {
@@ -16,20 +17,23 @@ public class IpUtils {
if (request == null) { if (request == null) {
return "unknown"; return "unknown";
} }
String ip = request.getHeader("X-Forwarded-For"); String ip = null;
if (ip == null || ip.length() == 0 || "unknown".equalsIgnoreCase(ip)) { String xffName = PropertiesUtils.getInstance()
ip = request.getHeader("Proxy-Client-IP"); .getProperty("shiro.remoteAddrHeaderName");
if (StringUtils.isNotBlank(xffName)){
ip = request.getHeader(xffName);
} }
if (ip == null || ip.length() == 0 || "unknown".equalsIgnoreCase(ip)) { if (StringUtils.isBlank(ip) || "unknown".equalsIgnoreCase(ip)) {
ip = request.getHeader("WL-Proxy-Client-IP");
}
if (ip == null || ip.length() == 0 || "unknown".equalsIgnoreCase(ip)) {
ip = request.getHeader("X-Real-IP");
}
if (ip == null || ip.length() == 0 || "unknown".equalsIgnoreCase(ip)) {
ip = request.getRemoteAddr(); ip = request.getRemoteAddr();
} }
return StringUtils.split(ObjectUtils.toString(ip), ",")[0]; if (StringUtils.isNotBlank(ip)){
ip = EncodeUtils.xssFilter(ip);
ip = StringUtils.split(ip, ",")[0];
}
if (StringUtils.isBlank(ip)){
ip = "unknown";
}
return ip;
} }
/** /**
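Review bot: With the default header the new `ip = StringUtils.split(ip, ",")[0];` still picks the leftmost X-Forwarded-For entry, which is the value the original client sent and which proxies conventionally append to rather than replace, so a client that supplies its own header still chooses the returned address unless the fronting proxy overwrites the header outright. The entry that cannot be forged is the one appended by the last trusted proxy (the rightmost, or the N-th from the right for N trusted hops), and it is only meaningful when `request.getRemoteAddr()` is that proxy; a comment at the `shiro.remoteAddrHeaderName` read such as `// Trust this header only when the fronting proxy overwrites it; the leftmost entry is client-supplied otherwise` would at least record the assumption. Separately, if StringUtils.split follows the commons-lang contract, a header consisting only of separators yields an empty array and the `[0]` index throws, so `String[] parts = StringUtils.split(ip, ","); ip = parts.length > 0 ? parts[0] : null;` is a cheap guard. The enclosing method's signature lies above the hunk; the same default-header concern applies to the two configuration sections below.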


@@ -243,6 +243,9 @@ shiro:
# 登录提交信息安全Key加密用户名、密码、验证码后再提交key设置为3个用逗号分隔 # 登录提交信息安全Key加密用户名、密码、验证码后再提交key设置为3个用逗号分隔
secretKey: thinkgem,jeesite,com secretKey: thinkgem,jeesite,com
# 指定获取客户端IP的Header名称防止IP伪造。指定为空则使用原生方法获取IP。
remoteAddrHeaderName: X-Forwarded-For
# 允许的请求方法设定,解决安全审计问题 # 允许的请求方法设定,解决安全审计问题
allowRequestMethods: GET,POST allowRequestMethods: GET,POST
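Review bot: The default `remoteAddrHeaderName: X-Forwarded-For` enables header-based address lookup for every deployment, including ones not behind a reverse proxy, where the header arrives straight from the client and the lookup trusts a forgeable value. Since the comment already states that an empty value falls back to the native method, an empty default with the proxy case documented is the safer out-of-the-box choice, e.g. `remoteAddrHeaderName:` preceded by `# Set only when a fronting reverse proxy overwrites this header (e.g. X-Forwarded-For); leave empty otherwise`. The same default appears in the commented-out sample in the third file section.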


@@ -266,6 +266,9 @@ jdbc:
# # 登录提交信息安全Key加密用户名、密码、验证码后再提交key设置为3个用逗号分隔 # # 登录提交信息安全Key加密用户名、密码、验证码后再提交key设置为3个用逗号分隔
# secretKey: thinkgem,jeesite,com # secretKey: thinkgem,jeesite,com
# #
# # 指定获取客户端IP的Header名称防止IP伪造。指定为空则使用原生方法获取IP。
# remoteAddrHeaderName: X-Forwarded-For
#
# # 允许的请求方法设定,解决安全审计问题 # # 允许的请求方法设定,解决安全审计问题
# allowRequestMethods: GET,POST # allowRequestMethods: GET,POST
# #