为了防止本站资源(小木人印象www.xwood.net)被恶意下载,最近实现了安全控制模块——通过分析用户访问IP地址在有效时间内对本站资源的合理下载量,作为黑名单规则;但是发现通过之前的HttpClientIpUtils工具类获取的ip地址都是127.0.0.1,无法获取终端访问用户的有效ip地址,导致黑名单库无法创建。
这是由于nginx服务端配置了反向代理导致的,之前的反向代理配置如下
# Original proxy block: no X-Forwarded-For header is set for the upstream, so the
# application on 127.0.0.1:8080 only ever sees the loopback address as the client IP
# and cannot build a per-IP blacklist.
location ^~/open-api/{
    proxy_pass http://127.0.0.1:8080/openapi/;
}
应该将配置调整为如下(增加配置项proxy_set_header x-forwarded-for $remote_addr;)
# proxy_set_header replaces whatever X-Forwarded-For the client sent with $remote_addr,
# the address of the peer that actually connected to nginx, so the upstream cannot be
# fed a forged client IP. If another proxy or CDN sits in front of nginx, $remote_addr
# will be that hop's address rather than the end user's — adjust the header source then.
location ^~/open-api/{
    proxy_pass http://127.0.0.1:8080/openapi/;
    proxy_set_header x-forwarded-for $remote_addr;
}
1、访问客户端安全控制类ClientUserController,代码如下
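/**
 * Per-client-IP download throttle for the open-api resources.
 *
 * <p>{@link #register(String)} is called for each download and counts hits per IP;
 * {@link #isPermission(String)} refuses an IP once it has reached
 * {@code MAX_DOWNLOADS_PER_WINDOW} hits, adding it to an in-memory blacklist.
 * The window is measured from the moment the {@link ClientUser} entry was created
 * (its {@code lastTime}); an entry whose window has elapsed without hitting the
 * quota is discarded so the count starts over.
 *
 * <p>Trust boundary: the {@code ip} argument is only as reliable as the code that
 * derives it. When it is taken from {@code X-Forwarded-For}, the reverse proxy must
 * overwrite that header itself (as the nginx {@code proxy_set_header} change on this
 * page does); a client-controlled value would let a caller impersonate another
 * address or sidestep the quota entirely.
 *
 * <p>All state is static and in-memory: counters and the blacklist are lost on
 * restart, are not shared between instances, and the blacklist never expires.
 */
public class ClientUserController {
    private static final Logger logger = Logger.getLogger(ClientUserController.class);
    /** Download counters keyed by client IP. */
    private static final ConcurrentMap<String, ClientUser> downloadUsers =
            new ConcurrentHashMap<String, ClientUser>();
    /** IPs that exceeded the quota; addIfAbsent keeps it free of duplicates. */
    private static final CopyOnWriteArrayList<String> blackIplist =
            new CopyOnWriteArrayList<String>();
    /** Maximum downloads allowed per IP within one validity window. */
    private static final int MAX_DOWNLOADS_PER_WINDOW = 1000;
    /**
     * Validity window in milliseconds (12 hours). It is compared against a
     * {@code System.currentTimeMillis()} difference, so it must be in milliseconds —
     * a seconds value here would expire entries after 43.2 seconds.
     */
    private static final long VALID_WINDOW_MILLIS = 12L * 60 * 60 * 1000;

    /**
     * Records one download for {@code ip} if the IP is still permitted.
     *
     * <p>Empty and loopback addresses are ignored (nothing to throttle), blacklisted
     * or over-quota IPs are rejected by {@link #isPermission(String)} before counting.
     *
     * @param ip client address; may be {@code null}
     */
    public static void register(String ip) {
        if (ip == null || ip.isEmpty() || "127.0.0.1".equals(ip)) {
            return;
        }
        if (!isPermission(ip)) {
            return;
        }
        ClientUser tracked = downloadUsers.get(ip);
        if (tracked == null) {
            ClientUser fresh = new ClientUser(ip);
            // putIfAbsent keeps two first-time hits from clobbering each other's entry
            tracked = downloadUsers.putIfAbsent(ip, fresh);
            if (tracked == null) {
                logger.info(" New downloadUser register --------------:" + ip + " times----------------:1");
                return;
            }
        }
        // get+set is not atomic: concurrent hits from one IP may lose an increment,
        // which only ever under-counts toward the quota.
        tracked.setDownloadTimes(tracked.getDownloadTimes() + 1);
        logger.info(" downloadUser login --------------:" + ip + " times----------------:" + tracked.toString());
    }

    /**
     * Decides whether {@code ip} may download, blacklisting it on the way if it has
     * reached the quota.
     *
     * @param ip client address; may be {@code null}
     * @return {@code false} for an empty IP, a blacklisted IP, or an IP whose recorded
     *         hits reached the quota; {@code true} otherwise (including loopback)
     */
    public static boolean isPermission(String ip) {
        if (ip == null || ip.isEmpty()) {
            logger.info(" downloadUser isPermission false,becase you have't clientIp <<<<<<<<<<<<<<<<<<<<<<<< ");
            return false;
        }
        if ("127.0.0.1".equals(ip)) {
            // Loopback means the real client address was not recovered (typically the
            // reverse proxy did not forward it). Such requests are allowed but never
            // counted, so the quota cannot apply to them.
            logger.info(" downloadUser can't get ip ; ======================================== 127.0.0.1 ");
            return true;
        }
        if (blackIplist.contains(ip)) {
            logger.info(" downloadUser@" + ip + "@ is danger downloadUser !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! ");
            return false;
        }
        ClientUser tracked = downloadUsers.get(ip);
        if (tracked == null) {
            return true;
        }
        // Reaching the quota blacklists the IP whether or not its window has elapsed.
        if (tracked.getDownloadTimes() >= MAX_DOWNLOADS_PER_WINDOW) {
            blackIplist.addIfAbsent(ip);
            logger.info(" downloadUser@" + ip + "@ add to blacklist !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! ");
            return false;
        }
        boolean windowElapsed = System.currentTimeMillis() - tracked.getLastTime() >= VALID_WINDOW_MILLIS;
        if (windowElapsed) {
            // Under quota and window over: drop the entry so the next hit starts fresh.
            // Two-arg remove leaves a concurrently replaced entry alone.
            downloadUsers.remove(ip, tracked);
        }
        return true;
    }
}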
2、客户端用户类ClientUser,代码如下
public class ClientUser {
private String ip;
private Integer downloadTimes=1;
private Long lastTime;
public ClientUser() {
super();
lastTime=System.currentTimeMillis();
}
public ClientUser(String ip) {
super();
this.ip = ip;
lastTime=System.currentTimeMillis();
}
public String getIp() {
return ip;
}
public void setIp(String ip) {
this.ip = ip;
}
public Integer getDownloadTimes() {
return downloadTimes;
}
public void setDownloadTimes(Integer downloadTimes) {
this.downloadTimes = downloadTimes;
}
public Long getLastTime() {
return lastTime;
}
public void setLastTime(Long lastTime) {
this.lastTime = lastTime;
}
public static void main(String[] args) throws Exception{
ClientUser u=new ClientUser();
u.lastTime=System.currentTimeMillis();
Thread.sleep(2000);
System.out.println((System.currentTimeMillis()-u.lastTime)/1000);
}
@Override
public String toString() {
return "ClientUser [ip=" + ip + "]";
}
@Override
public boolean equals(Object obj) {
ClientUser _this=(ClientUser)obj;
if(_this==null)
return false;
if(this.getIp().equalsIgnoreCase(_this.getIp()))
return true;
return false;
}
}