Ludc
2025-11-18 4470052c3b6bdeb18e45987f8aa293d1e93d0552
package com.vci.ubcs.gateway.filter;
 
import java.io.UnsupportedEncodingException;
import java.net.URLDecoder;
import java.nio.charset.StandardCharsets;
import java.util.Locale;
import java.util.regex.Pattern;
import org.springframework.cloud.gateway.filter.GatewayFilterChain;
import org.springframework.cloud.gateway.filter.GlobalFilter;
import org.springframework.http.HttpStatus;
import org.springframework.http.server.reactive.ServerHttpRequest;
import org.springframework.web.server.ServerWebExchange;
import reactor.core.publisher.Mono;
 
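/**
 * Gateway global filter that rejects requests whose path carries an unmistakable attack signature:
 * directory traversal, direct access to {@code WEB-INF}, script/archive/executable extensions and
 * shell or command-interpreter paths.
 *
 * <p>This is a coarse deny-list and only a first line of defence. Only the request path is
 * inspected; the query string, headers and body are not. Double-encoded paths and path parameters
 * appended after an extension (for example {@code ;name=value}) are not normalised here, so
 * downstream services must still validate the paths they resolve.
 *
 * <p>NOTE(review): no bean registration or {@code Ordered} implementation is visible in this file;
 * confirm the filter is actually registered and runs before any route rewriting.
 */
public class EssentialSecurityFilter implements GlobalFilter {

    /** Script, archive and executable extensions that must never be requested through the gateway. */
    private static final Pattern BLOCKED_EXTENSION = Pattern.compile("\\.(jsp|war|sh|bat|exe)$");

    /**
     * Answers 403 for a path with an attack signature and passes every other request down the chain.
     *
     * @param exchange the current request/response exchange
     * @param chain    the remaining gateway filters
     * @return completion of either the rejection or the downstream chain
     */
    @Override
    public Mono<Void> filter(ServerWebExchange exchange, GatewayFilterChain chain) {
        ServerHttpRequest request = exchange.getRequest();
        // Presumably the path as received, with percent-escapes still encoded (confirm against
        // the Spring version in use); isDefinitelyDangerous therefore also checks a decoded copy.
        String path = request.getPath().value();

        // Intercept only the most dangerous requests.
        if (isDefinitelyDangerous(path)) {
            return blockRequest(exchange, "危险请求被拦截!");
        }

        return chain.filter(exchange);
    }

    /**
     * Checks the path as received and again after one round of percent-decoding, so that an
     * encoded separator or dot cannot slip a signature past the deny-list.
     *
     * @param path the request path as received by the gateway
     * @return {@code true} if either form carries a signature, or if the path cannot be decoded
     */
    private boolean isDefinitelyDangerous(String path) {
        if (hasAttackSignature(path)) {
            return true;
        }
        final String decoded;
        try {
            // '+' is a literal in a URI path; shield it from URLDecoder's form-style '+' -> ' ' rule.
            decoded = URLDecoder.decode(path.replace("+", "%2B"), StandardCharsets.UTF_8.name());
        } catch (IllegalArgumentException | UnsupportedEncodingException e) {
            // Fail closed: a path with malformed percent-escapes cannot be vetted.
            return true;
        }
        return hasAttackSignature(decoded);
    }

    /**
     * Matches the deny-list against one form of the path. Backslashes are folded to forward
     * slashes and the comparison is case-insensitive, because a backend on a case-insensitive
     * or backslash-tolerant file system would resolve those variants to the same resource.
     */
    private static boolean hasAttackSignature(String candidate) {
        String normalized = candidate.replace('\\', '/').toLowerCase(Locale.ROOT);
        return normalized.contains("../")
            || normalized.contains("/web-inf/")
            || BLOCKED_EXTENSION.matcher(normalized).find()
            || normalized.contains("cmd.exe")
            || normalized.contains("/bin/");
    }

    /**
     * Ends the exchange with {@code 403 Forbidden} and an empty body.
     *
     * <p>NOTE(review): {@code message} is neither written to the response nor logged. Keeping
     * the reason out of the response is reasonable, but logging the blocked path would give
     * operators something to alert on.
     *
     * @param exchange the exchange to reject
     * @param message  the rejection reason (currently unused)
     * @return completion of the response
     */
    private Mono<Void> blockRequest(ServerWebExchange exchange, String message) {
        exchange.getResponse().setStatusCode(HttpStatus.FORBIDDEN);
        return exchange.getResponse().setComplete();
    }

}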