[lighttpd]referer字段实现域名过滤及放行指定域名不走重定向

wellnw

于 2022-10-25 10:29:28 发布

阅读量355

点赞数

分类专栏： HTTP 文章标签： lighttpd

本文链接：https://blog.csdn.net/wgl307293845/article/details/127508406

版权

HTTP 专栏收录该内容

6 篇文章 1 订阅

订阅专栏

限制Post请求的CSRF攻击


增加到lighttpd.conf配置文件中
$HTTP["request-method"] == "POST" {
          $HTTP["referer"] !~ "^($|http://myweb.com)" {
              url.access-deny = ( "" )
          }
      }

域名重定向配置

判断host不是myweb.com，就重定向到http://myweb.com域名


增加到lighttpd.conf配置文件中

$HTTP["host"] !~ "myweb.com" {
    $HTTP["host"] !~ "myweb.com" {
		url.redirect= ( ".*" => "http://myweb.com" )
   }
}

域名重定向排除固定类型的请求

wireshark抓取http请求数据包

Hypertext Transfer Protocol
    POST /web/api HTTP/1.1\r\n
        [Expert Info (Chat/Sequence): POST /web/api HTTP/1.1\r\n]
            [POST /jrd/webapi HTTP/1.1\r\n]
            [Severity level: Chat]
            [Group: Sequence]
        Request Method: POST
        Request URI: /web/api
        Request Version: HTTP/1.1
    Origin: http://myweb.com\r\n
    Referer: http://myweb.com/login.html\r\n
    Accept: application/json\r\n
    Content-Type: application/json; charset=UTF-8\r\n
    Content-Length: 54\r\n
        [Content length: 54]
    Host: 192.168.8.1\r\n
    Connection: Keep-Alive\r\n
    Accept-Encoding: gzip\r\n
    User-Agent: okhttp/3.12.0\r\n
    \r\n
    [Full request URI: http://192.168.8.1/web/api]
    [HTTP request 1/1]
    [Response in frame: 93]
    File Data: 54 bytes

判断主机不是myweb.com,referer字段不是http://myweb.com，就跳转到http://myweb.com

增加到lighttpd.conf配置文件中
$HTTP["host"] !~ "myweb.com" {
	$HTTP["referer"] !~ "^($|http://myweb.com)" {
        $HTTP["host"] !~ "myweb.com" {url.redirect= ( ".*" => "http://myweb.com" )}
        }
}

判断是POST请求的才实现重定向

请求方法是POST，然后referer不是http://myweb.com就重定向到http://myweb.com


增加到lighttpd.conf配置文件中
$HTTP["request-method"] == "POST" {
	$HTTP["referer"] !~ "^($|http://myweb.com)" {
        $HTTP["host"] !~ "myweb.com" {url.redirect= ( ".*" => "http://myweb.com" )}
        }
}