由于攻击者可以使用 Burp 批量遍历邮箱,从而判断某个邮箱是否已被注册,所以需要限制单个 IP 的访问次数,以遏制这类批量采集。注意:x-forwarded-for 等请求头可由客户端自行设置,只有在可信反向代理会覆盖这些请求头时,才适合用它们作为限流依据。
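// Per-client, per-URI request limiter: counts hits in Redis and redirects to
// the "too many requests" page once a client has made more than 10 requests.
//
// NOTE(review): x-forwarded-for, Proxy-Client-IP and WL-Proxy-Client-IP are
// ordinary request headers. Unless a trusted reverse proxy overwrites them,
// their value is chosen by the client, so a limiter keyed on them does not
// reliably identify the caller. Honor them only when request.getRemoteAddr()
// is a known proxy; otherwise key on getRemoteAddr() alone.
String ip = request.getHeader("x-forwarded-for");
if (ip == null || ip.length() == 0 || "unknown".equalsIgnoreCase(ip)) {
    ip = request.getHeader("Proxy-Client-IP");
}
if (ip == null || ip.length() == 0 || "unknown".equalsIgnoreCase(ip)) {
    ip = request.getHeader("WL-Proxy-Client-IP");
}
// Accept a header value only if it looks like an address or a comma-separated
// address list. Anything else (missing, empty, "unknown", control characters,
// oversized input) falls back to the socket peer address, so header text can
// neither forge log lines nor create arbitrarily large Redis keys. The
// 256-character cap is an arbitrary bound.
if (ip == null || !ip.matches("[0-9A-Fa-f:., ]{1,256}")) {
    ip = request.getRemoteAddr();
}

// NOTE(review): getRequestURI() is the raw request path, so the counter is
// only as stable as that path; a fixed per-endpoint label would be a more
// robust key component.
String uri = request.getRequestURI();
String redisKey = "limit-ip-request:" + uri + ":" + ip;
long count = redisDao.incr(redisKey);

// Set the TTL on every hit, including the first. The previous `count > 1`
// guard left a key that was hit exactly once without any expiry, so one-off
// keys accumulated in Redis indefinitely. 1800 is presumably seconds
// (30 minutes, matching the log text) - confirm against redisDao.expire.
// incr and expire are separate calls; if the second fails, the next hit on
// the same key sets the TTL again.
redisDao.expire(redisKey, 1800);

logger.info("半小时内第" + count + "次访问");
if (count > 10) {
    logger.info("用户IP[" + ip + "]访问地址[" + uri + "]超过了限定的次数[10]");
    return "redirect:/errorTooMuch.htm";
}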