From 652e9ee200c176d512566afd8c7f5531c0844e90 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=E7=96=AF=E7=8B=82=E7=9A=84=E7=8B=AE=E5=AD=90Li?= <15040126243@163.com> Date: Fri, 15 Nov 2024 11:05:43 +0800 Subject: [PATCH] =?UTF-8?q?update=20=E4=BC=98=E5=8C=96=20=E6=8B=A6?= =?UTF-8?q?=E6=88=AA=E7=88=AC=E8=99=AB=E8=B7=9F=E8=B8=AA=E7=AD=89=E5=9E=83?= =?UTF-8?q?=E5=9C=BE=E8=AF=B7=E6=B1=82?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .../org/dromara/common/web/config/UndertowConfig.java | 11 +++++++++++ 1 file changed, 11 insertions(+) diff --git a/ruoyi-common/ruoyi-common-web/src/main/java/org/dromara/common/web/config/UndertowConfig.java b/ruoyi-common/ruoyi-common-web/src/main/java/org/dromara/common/web/config/UndertowConfig.java index 39092cce..8b9fe71a 100644 --- a/ruoyi-common/ruoyi-common-web/src/main/java/org/dromara/common/web/config/UndertowConfig.java +++ b/ruoyi-common/ruoyi-common-web/src/main/java/org/dromara/common/web/config/UndertowConfig.java @@ -1,6 +1,8 @@ package org.dromara.common.web.config; import io.undertow.server.DefaultByteBufferPool; +import io.undertow.server.handlers.DisallowedMethodsHandler; +import io.undertow.util.HttpString; import io.undertow.websockets.jsr.WebSocketDeploymentInfo; import org.dromara.common.core.utils.SpringUtils; import org.springframework.boot.autoconfigure.AutoConfiguration; @@ -29,6 +31,15 @@ public class UndertowConfig implements WebServerFactoryCustomizer { + // 禁止三个方法 CONNECT/TRACE/TRACK 也是不安全的 避免爬虫骚扰 + HttpString[] disallowedHttpMethods = { + HttpString.tryFromString("CONNECT"), + HttpString.tryFromString("TRACE"), + HttpString.tryFromString("TRACK") + }; + return new DisallowedMethodsHandler(handler, disallowedHttpMethods); + }); }); }