web.config增加httpModules节点
<httpModules>
<add name="HttpAccessInterceptModule" type="Org.Core.Commons.HttpAccessInterceptModule, Org.Core.Commons"/>
</httpModules>
using System;
using System.Collections.Generic;
using System.Configuration;
using System.Linq;
using System.Text.RegularExpressions;
using System.Web;
namespace Org.Core.Commons
{
public class HttpAccessInterceptModule : IHttpModule
{
private static List<string> _RegexWords;
static HttpAccessInterceptModule()
{
_RegexWords = new List<string>()
{
@"<[^>]+>'",
@"</[^>]+>'",
@"<[^>]+?style=[\w]+?:expression\(|\b(alert|confirm|prompt|window|location|eval|console|debugger|new|Function|var|let)\b|^\+/v(8|9)|<[^>]*?=[^>]*?&#[^>]*?>|\b(and|or)\b.{1,6}?(=|>|<|\bin\b|\blike\b)|/\*.+?\*/|<\s*script\b|\bEXEC\b|UNION.+?SELECT|UPDATE.+?SET|INSERT\s+INTO.+?VALUES|(SELECT|DELETE).+?FROM|(CREATE|ALTER|DROP|TRUNCATE)\s+(TABLE|DATABASE)"
};
string[] keyWords = {
};
_RegexWords.AddRange(keyWords.Select(o =