Restricting CSRF attacks on POST requests
Add the following to lighttpd.conf. The pattern "^($|http://myweb.com)" accepts a Referer that is either empty (the header is absent) or begins with http://myweb.com; a POST with any other Referer is denied. Two caveats: the pattern is neither escaped nor anchored at the end, so a Referer such as http://myweb.com.example also passes, and a request that carries no Referer at all is let through. Treat this as a coarse filter, not a replacement for a per-session CSRF token.
$HTTP["request-method"] == "POST" {
    # deny the POST unless the Referer is empty or starts with http://myweb.com
    $HTTP["referer"] !~ "^($|http://myweb.com)" {
        url.access-deny = ( "" )
    }
}
Domain redirect configuration
If the Host header is not myweb.com, redirect to http://myweb.com. Add the following to lighttpd.conf; a single $HTTP["host"] condition is sufficient. Note that ".*" => "http://myweb.com" sends every request to the site root and discards the original path; use "^/(.*)" => "http://myweb.com/$1" if the path should be kept.
$HTTP["host"] !~ "myweb.com" {
    # Host is something other than myweb.com (for example the device IP)
    url.redirect = ( ".*" => "http://myweb.com" )
}
Excluding a fixed type of request from the domain redirect
The HTTP request below was captured with Wireshark. The client (okhttp) sends it to the device IP (Host: 192.168.8.1), but its Origin and Referer are http://myweb.com, so the plain Host-based rule above would redirect it. The configuration in this section leaves such requests alone.
Hypertext Transfer Protocol
    POST /web/api HTTP/1.1\r\n
        [Expert Info (Chat/Sequence): POST /web/api HTTP/1.1\r\n]
            [POST /jrd/webapi HTTP/1.1\r\n]
            [Severity level: Chat]
            [Group: Sequence]
        Request Method: POST
        Request URI: /web/api
        Request Version: HTTP/1.1
    Origin: http://myweb.com\r\n
    Referer: http://myweb.com/login.html\r\n
    Accept: application/json\r\n
    Content-Type: application/json; charset=UTF-8\r\n
    Content-Length: 54\r\n
        [Content length: 54]
    Host: 192.168.8.1\r\n
    Connection: Keep-Alive\r\n
    Accept-Encoding: gzip\r\n
    User-Agent: okhttp/3.12.0\r\n
    \r\n
    [Full request URI: http://192.168.8.1/web/api]
    [HTTP request 1/1]
    [Response in frame: 93]
    File Data: 54 bytes
If the Host is not myweb.com and the Referer is not http://myweb.com, redirect to http://myweb.com. A request like the captured one (off-domain Host, but a myweb.com Referer) fails the inner condition and is not redirected. Add the following to lighttpd.conf; the two conditions need only be nested once.
$HTTP["host"] !~ "myweb.com" {
    # only redirect when the Referer is also off-domain (or absent)
    $HTTP["referer"] !~ "^($|http://myweb.com)" {
        url.redirect = ( ".*" => "http://myweb.com" )
    }
}
Redirect only POST requests
When the request method is POST, the Referer is not http://myweb.com and the Host is not myweb.com, redirect to http://myweb.com. Add the following to lighttpd.conf. Keep in mind that clients follow a redirect of a POST by issuing a GET to the target, so the original POST body is lost; for an API endpoint a deny is usually the clearer response.
$HTTP["request-method"] == "POST" {
    $HTTP["referer"] !~ "^($|http://myweb.com)" {
        $HTTP["host"] !~ "myweb.com" {
            url.redirect = ( ".*" => "http://myweb.com" )
        }
    }
}
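As an added example (not part of this page and not lighttpd code), the following Python re-implements the four rule sets above with regexes equivalent to the PCRE ones in lighttpd.conf, so their decisions can be checked offline against the captured request and a few edge cases. The Request class, the "strict" patterns and every sample request other than the captured one are my own constructions; the assumption that lighttpd matches $HTTP["referer"] against an empty string when the header is absent is marked in the code.

```python
"""Simulate this page's lighttpd conditionals against sample requests."""
import re
from dataclasses import dataclass
from typing import Optional

# Patterns copied from the lighttpd.conf fragments above. Both are used with
# "!~" there, i.e. a rule fires when the pattern does NOT match.
REFERER_OK = re.compile(r"^($|http://myweb.com)")
HOST_OK = re.compile(r"myweb.com")
REDIRECT_TARGET = "http://myweb.com"

# Tightened variants (my suggestion, not from the page): escape the dot and
# anchor so "http://myweb.com.attacker.example" and an absent Referer no longer pass.
REFERER_OK_STRICT = re.compile(r"^http://myweb\.com(/|$)")
HOST_OK_STRICT = re.compile(r"^myweb\.com(:[0-9]+)?$")


@dataclass(frozen=True)
class Request:
    method: str
    host: str
    referer: Optional[str]  # None means the header is absent


def referer_ok(req: Request, strict: bool = False) -> bool:
    # Assumption: lighttpd matches $HTTP["referer"] against "" when the header
    # is missing, which is the case the page's "^($|...)" alternative accepts.
    pat = REFERER_OK_STRICT if strict else REFERER_OK
    return pat.search(req.referer or "") is not None


def host_ok(req: Request, strict: bool = False) -> bool:
    pat = HOST_OK_STRICT if strict else HOST_OK
    return pat.search(req.host) is not None


def csrf_denied(req: Request, strict: bool = False) -> bool:
    """Section 1: POST whose Referer fails the check -> url.access-deny."""
    return req.method == "POST" and not referer_ok(req, strict)


def redirect_by_host(req: Request, strict: bool = False) -> Optional[str]:
    """Section 2: Host not myweb.com -> redirect, whatever the Referer says."""
    return None if host_ok(req, strict) else REDIRECT_TARGET


def redirect_by_host_and_referer(req: Request, strict: bool = False) -> Optional[str]:
    """Section 3: redirect only when Host AND Referer are both off-domain."""
    if host_ok(req, strict) or referer_ok(req, strict):
        return None
    return REDIRECT_TARGET


def redirect_post_only(req: Request, strict: bool = False) -> Optional[str]:
    """Section 4: as section 3, but only POST requests are considered."""
    if req.method != "POST":
        return None
    return redirect_by_host_and_referer(req, strict)


# Sample requests. CAPTURED is taken from the Wireshark dump above; the rest
# are constructed to probe the edges of the page's patterns.
CAPTURED = Request("POST", "192.168.8.1", "http://myweb.com/login.html")
CROSS_SITE = Request("POST", "myweb.com", "http://attacker.example/form.html")
NO_REFERER = Request("POST", "myweb.com", None)  # e.g. sent under a no-referrer policy
LOOKALIKE = Request("POST", "myweb.com", "http://myweb.com.attacker.example/")
PLAIN_GET = Request("GET", "192.168.8.1", None)


def evaluate(req: Request, strict: bool = False) -> dict:
    """Outcome of every rule set for one request, as a plain dict."""
    return {
        "csrf_denied": csrf_denied(req, strict),
        "redirect_by_host": redirect_by_host(req, strict),
        "redirect_by_host_and_referer": redirect_by_host_and_referer(req, strict),
        "redirect_post_only": redirect_post_only(req, strict),
    }


if __name__ == "__main__":
    for name, req in [("captured", CAPTURED), ("cross_site", CROSS_SITE),
                      ("no_referer", NO_REFERER), ("lookalike", LOOKALIKE),
                      ("plain_get", PLAIN_GET)]:
        print(f"{name:11} page regexes: {evaluate(req)}")
        print(f"{name:11} strict:       {evaluate(req, strict=True)}")
```

Running it shows the behaviour the sections describe: the captured request is redirected by the Host-only rule but passes the Host-plus-Referer rules, while a cross-site POST is denied by section 1. It also shows the two gaps of the page's patterns: with the original regexes a POST with no Referer and a POST from a myweb.com.attacker.example origin are both accepted, and only the strict variants reject them.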