简体繁体 English

阻止所有来自NodeJS服务器的传出请求？

[英]Prevent all outgoing requests from NodeJS server?

原文 2014-02-25 21:39:49 6 3 node.js/ security

Is there any existing technique or npm package that can prevent all outgoing requests from a NodeJS server, allowing only responses to incoming requests? 是否有任何现有技术或npm软件包可以阻止NodeJS服务器发出的所有传出请求，仅允许对传入请求进行响应？ This could prevent phone-home type attacks in deep dependencies missed in security audits. 这可以防止在安全审核中遗漏的深层依赖中的电话家庭类型攻击。

3 个解决方案

A firewall. 防火墙。

That's truly the only way. 那确实是唯一的方法。 Remember though that there is nothing stopping some code from accepting commands from clients connecting to it. 请记住，虽然没有什么能阻止某些代码接受来自与其连接的客户端的命令。

Have a look at 看一下

The first link shows a firewall rule bound to a particular user. 第一个链接显示绑定到特定用户的防火墙规则。 Easy and simple. 简单容易。 Why use another npm module with deep dependencies you don't want to trust ;-) 为什么要使用另一个您不想信任的具有深层依赖关系的npm模块;-)

If you're looking for pure node.js solution, you can do something like that. 如果您正在寻找纯粹的node.js解决方案，则可以执行类似的操作。

Using some module like mockery you can limit what calls your javascript module can do to node.js core. 使用诸如mockery模块，您可以将您的javascript模块可以执行的操作限制为node.js核心。 For example, if you override require('net').connect , it'll make harder for malicious code to execute something. 例如，如果您覆盖require('net').connect ，那么恶意代码将很难执行某些操作。

I don't know of any existing solutions, but it's definitely possible, and I'd really like to see one. 我不知道任何现有的解决方案，但是绝对有可能，我真的很想看到一个解决方案。

That said, the generic approaches to this problem are completely outside of node.js scope: 也就是说，解决此问题的通用方法完全不在node.js范围内：

firewall 防火墙
apparmor 装甲

如何在NodeJS / Express上记录所有传出请求？ - How to log all outgoing requests on NodeJS/Express?

Nginx 如何处理来自 nodejs 作为客户端的传出请求？ - How Nginx handles outgoing requests going from nodejs as a client?

在NodeJS中执行传出HTTP2请求 - Performing outgoing HTTP2 requests in NodeJS

电子-在Web应用程序中所有传出（xhr）请求上ECONNREFUSED-但服务器已启动且启用了CORS。 - Electron - ECONNREFUSED on all outgoing (xhr) requests in the web app - but the server's up and CORS is enabled.

全局阻止来自 node.js 应用程序的所有 outgoing.network 请求 - Globally blocking all outgoing network requests from a node.js app

如何将带有令牌的标头（随每个请求而变化）附加到来自node.js中的api的所有传出请求中 - How to attach a header with the token(which changes with each request) in to all outgoing requests from an api in node.js

使用Express阻止NodeJS中的大请求 - Prevent large requests in NodeJS with Express

如何创建仅位于节点/ npm中应用程序内部的服务器，或修改传出请求中的任何响应正文 - How to create a server that is only internal to the app in node / npm or modify any response body from outgoing requests

使用NodeJS将传出的外部资产请求重定向到本地文件系统 - Redirect outgoing external asset requests to local filesystem with NodeJS

NodeJS：如何将所有传入服务器请求记录到mongodb？ - NodeJS: How to log all incoming server requests to mongodb?

暂无

暂无

声明:本站的技术帖子网页，遵循CC BY-SA 4.0协议，如果您需要转载，请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.

相关问题 如何在NodeJS / Express上记录所有传出请求？ - How to log all outgoing requests on NodeJS/Express? Nginx 如何处理来自 nodejs 作为客户端的传出请求？ - How Nginx handles outgoing requests going from nodejs as a client? 在NodeJS中执行传出HTTP2请求 - Performing outgoing HTTP2 requests in NodeJS 电子-在Web应用程序中所有传出（xhr）请求上ECONNREFUSED-但服务器已启动且启用了CORS。 - Electron - ECONNREFUSED on all outgoing (xhr) requests in the web app - but the server's up and CORS is enabled. 全局阻止来自 node.js 应用程序的所有 outgoing.network 请求 - Globally blocking all outgoing network requests from a node.js app 如何将带有令牌的标头（随每个请求而变化）附加到来自node.js中的api的所有传出请求中 - How to attach a header with the token(which changes with each request) in to all outgoing requests from an api in node.js 使用Express阻止NodeJS中的大请求 - Prevent large requests in NodeJS with Express 如何创建仅位于节点/ npm中应用程序内部的服务器，或修改传出请求中的任何响应正文 - How to create a server that is only internal to the app in node / npm or modify any response body from outgoing requests 使用NodeJS将传出的外部资产请求重定向到本地文件系统 - Redirect outgoing external asset requests to local filesystem with NodeJS NodeJS：如何将所有传入服务器请求记录到mongodb？ - NodeJS: How to log all incoming server requests to mongodb?

相关标签

粤ICP备18138465号 © 2020-2024 STACKOOM.COM