I have a micro-service designed to interrogate devices of different types and Operating Systems, but for a set of reasons, I want to blacklist a handful of IPs. Is there a way I can achieve that?
Have you tried using the HandlerInterceptor interface?
Combine it with WebMvcConfigurerAdapter. This should do the job.
Something like this (not exact working code):
    // Called after request processing, but before the view is rendered (after the controller method call)
    @Override
    public void postHandle(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, Object o, ModelAndView modelAndView) throws Exception {
        String ip = IPAddressUtil.getClientIpAddress(httpServletRequest);
        List<BlackList> blackLists = blackListDao.findByIp(ip);
        if (blackLists == null || blackLists.size() == 0) {
            urlHandle(httpServletRequest, 5000, 10);
        } else {
            // Force a jump to the error page
            modelAndView.setViewName("/errorpage/error.html");
        }
    }
The BlackListDao class can be something like this:
    @Mapper
    public interface BlackListDao {
        // Find records by IP
        List<BlackList> findByIp(String IP);

        // Add a record
        int addBlackList(@Param("blackList") BlackList blackList);
    }
Configure the interceptor with WebMvcConfigurerAdapter for Spring MVC:
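    import org.springframework.context.annotation.Bean;
    import org.springframework.context.annotation.Configuration;
    import org.springframework.web.servlet.HandlerInterceptor;
    import org.springframework.web.servlet.config.annotation.InterceptorRegistry;
    import org.springframework.web.servlet.config.annotation.WebMvcConfigurerAdapter;

    @Configuration
    public class MyWebAppConfigurer extends WebMvcConfigurerAdapter {
        @Bean // expose our interceptor as a bean
        public HandlerInterceptor getMyInterceptor() {
            return new URLInterceptor();
        }

        @Override
        public void addInterceptors(InterceptorRegistry registry) {
            // Multiple interceptors form an interceptor chain.
            // addPathPatterns adds interception rules; here we intercept every link under /url.
            // excludePathPatterns excludes paths from interception.
            registry.addInterceptor(getMyInterceptor()).addPathPatterns("/url/**");
            super.addInterceptors(registry);
        }
    }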
The best way is to check it in the HttpFirewall, which can check if a HttpServletRequest is potentially dangerous or not before allowing it to go through FilterChainProxy.
Basically you need to override the default StrictHttpFirewall and add the logic to check if the source IP of the request is in the blacklist, something like:
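    import java.util.Set;
    import javax.servlet.http.HttpServletRequest;
    import org.springframework.security.web.firewall.FirewalledRequest;
    import org.springframework.security.web.firewall.RequestRejectedException;
    import org.springframework.security.web.firewall.StrictHttpFirewall;

    public class MyFirewall extends StrictHttpFirewall {
        private final Set<String> blacklistIPs;

        public MyFirewall(Set<String> blacklistIPs) {
            this.blacklistIPs = blacklistIPs;
        }

        @Override
        public FirewalledRequest getFirewalledRequest(HttpServletRequest request) throws RequestRejectedException {
            // getClientIpAddress() is not defined here; see the note below
            String sourceIp = getClientIpAddress(request);
            if (blacklistIPs.contains(sourceIp)) {
                throw new RequestRejectedException("IP is blacklisted");
            }
            // Run the default StrictHttpFirewall checks for everything else
            return super.getFirewalledRequest(request);
        }
    }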
Note: Refer to this for how to implement getClientIpAddress().
Then configure to use it:
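    import java.util.Set;
    import org.springframework.security.config.annotation.web.builders.WebSecurity;
    import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
    import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;

    @EnableWebSecurity
    public class Config extends WebSecurityConfigurerAdapter {
        @Override
        public void configure(WebSecurity web) throws Exception {
            // Replace the default firewall with the blacklist-aware one
            web.httpFirewall(new MyFirewall(Set.of("123.123.123.123", "123.123.123.124")));
        }
    }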
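Both answers compare the resolved client address as an exact string, and the outcome depends on how getClientIpAddress() treats the X-Forwarded-For header. The following is an added example, not code from either answer: a plain-Java helper (the class name IpBlocklist, its method names and the sample addresses are assumptions) that honours the header only when the direct peer is a known proxy and matches IPv4 addresses against CIDR ranges. IPv6 is out of scope here, and anything that is not an IPv4 literal is rejected.

```java
import java.util.*;
public class IpBlocklist {
    private final Set<String> trustedProxies;               // your own reverse proxies (assumption)
    private final List<long[]> blocked = new ArrayList<>(); // {network, mask} pairs
    public IpBlocklist(Set<String> trustedProxies, List<String> blockedCidrs) {
        this.trustedProxies = trustedProxies;
        for (String cidr : blockedCidrs) {                  // "203.0.113.0/24" or a single address
            String[] parts = cidr.split("/");
            long net = parseIpv4(parts[0]);
            int prefix = parts.length == 2 ? Integer.parseInt(parts[1]) : 32;
            if (net < 0 || parts.length > 2 || prefix < 0 || prefix > 32)
                throw new IllegalArgumentException("bad blocklist entry: " + cidr);
            long mask = (0xFFFFFFFFL << (32 - prefix)) & 0xFFFFFFFFL;
            blocked.add(new long[] {net & mask, mask});
        }
    }

    // X-Forwarded-For is client-controlled: honour it only when the TCP peer is a trusted proxy.
    public String resolveClientIp(String remoteAddr, String xForwardedFor) {
        if (xForwardedFor == null || !trustedProxies.contains(remoteAddr)) return remoteAddr;
        String[] hops = xForwardedFor.split(",");
        for (int i = hops.length - 1; i >= 0; i--)          // rightmost hops were appended by our proxies
            if (!trustedProxies.contains(hops[i].trim())) return hops[i].trim();
        return remoteAddr;
    }

    public boolean isBlocked(String ip) {
        long addr = parseIpv4(ip);
        if (addr < 0) return true;                          // fail closed on anything but an IPv4 literal
        for (long[] r : blocked) if ((addr & r[1]) == r[0]) return true;
        return false;
    }

    static long parseIpv4(String text) {                    // unsigned 32-bit value or -1; no DNS lookup
        if (text == null || !text.matches("\\d{1,3}(\\.\\d{1,3}){3}")) return -1;
        long value = 0;
        for (String o : text.split("\\.")) {
            if (Integer.parseInt(o) > 255) return -1;
            value = (value << 8) | Integer.parseInt(o);
        }
        return value;
    }

    public static void main(String[] args) {                // constructed sample values
        IpBlocklist b = new IpBlocklist(Set.of("10.0.0.5"), List.of("203.0.113.0/24"));
        System.out.println(b.isBlocked(b.resolveClientIp("10.0.0.5", "1.2.3.4, 203.0.113.9")));
        System.out.println(b.isBlocked(b.resolveClientIp("198.51.100.7", "203.0.113.9")));
    }
}
```

In the firewall or interceptor above, the helper would be called with request.getRemoteAddr() and request.getHeader("X-Forwarded-For"), and a true result from isBlocked() would lead to the rejection.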