Filter IP addresses to prohibit access to the system

Original Works are allowed to be reprinted. During reprinting, please mark the article in hyperlink form
Source, author information, and my statement. Otherwise, legal liability will be held.
Author: Eternal Life _ ☆address: http://blog.csdn.net/chenghui0317/article/details/9822981

In practical applications, if a deployed project receives a malicious attack, it needs to filter out the IP address that receives the request. The following uses the filter as an example to describe the implementation method:

1. Customize the filter, inherit from the javax. servlet. Filter interface, and implement the three methods in it;

2. Receive the configured IP addresses that are not allowed to access in the init () method, and separate them with commas;

3. perform business processing in dofilter () to retrieve the currently accessed IP address and the IP address configured in the system. If yes, the page will jump to the disabled page;

4. Configure the filter in Web. XML, specify the interception method for all requests, and then add the initialization parameter to specify the IP address to prohibit access.

The Code is as follows:

Package COM. chenghui. util; import Java. io. ioexception; import javax. servlet. filter; import javax. servlet. filterchain; import javax. servlet. filterconfig; import javax. servlet. servletexception; import javax. servlet. servletrequest; import javax. servlet. servletresponse; import javax. servlet. HTTP. httpservletrequest; import javax. servlet. HTTP. httpservletresponse;/*** defines the ipfilter filter to filter out the configured IP list and prohibit access to the system * IP list in the configured fi Add initialization parameters to LTER. * @ Author administrator **/public class ipfilter implements filter {string [] forbidips = NULL; @ overridepublic void destroy () {// todo auto-generated method stub} @ overridepublic void dofilter (servletrequest request, servletresponse response, filterchain) throws ioexception, servletexception {// all requests are blocked because the interceptor defines the interception Specification AS/*. To prevent endless loops, open a special case to display the specific access result if (httpservletrequest) request ). getreques Turi (). Contains ("Forbid. jsp") {filterchain. dofilter (request, response); return; // if return is not added, the request will continue to be executed .} String remoteaddr = request. getremoteaddr (); If (forbidips! = NULL) {for (INT I = 0; I <forbidips. length; I ++) {If (forbidips [I]. equals (remoteaddr) {// If the accessed IP address is the same as the configured IP address, filter it out directly. (Httpservletresponse) response ). sendredirect ("forbid. JSP "); Return ;}} filterchain. dofilter (request, response) ;}@ overridepublic void Init (filterconfig) throws servletexception {// obtain it on the web. the initialization parameter string initparamter = filterconfig of the <filter> configured in XML. getinitparameter ("forbidips"); If (initparamter! = NULL) {forbidips = initparamter. Split (",");}}}

The configuration in Web. XML is as follows:

<! -- IP Filter --> <filter-Name> ipfilter </filter-Name> <filter-class> COM. chenghui. util. ipfilter </filter-class> <init-param> <param-Name> forbidips </param-Name> <param-value> 192.168.1.108, 192.168.6.89, 192.168.6.99 </param-value> </init-param> </filter> <filter-mapping> <filter-Name> ipfilter </filter-Name> <URL-pattern>/ * </url-pattern> </filter-mapping>

Okay, the ipfilter filter definition is complete, and then deploy the project and run it in the browser. The effect is as follows: