公司有一php系统,由于该系统是购买的,并且没人懂php,无法通过修改代码过滤sql注入问题
代码如下:
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 | public class Program{ public static void Main(string[] args) { var builder = WebApplication.CreateBuilder(args); builder.Services.AddReverseProxy() .LoadFromConfig(builder.Configuration.GetSection("ReverseProxy")) ; var app = builder.Build(); app.Use(SQLFirewall); app.MapReverseProxy(); app.Run(); } public static async Task SQLFirewall(HttpContext context, Func<Task> next) { const string regStr1 = "ldap:|rmi:|JDBC4Connection|trax\\.TemplatesImpl|%bf%27"; const string regStr2 = "\\b(select|update|delete|insert|drop|create|call|alter|execute|exec|grant|truncate|master|load_file|outfile)\\b"; context.Request.EnableBuffering(); foreach (var item in context.Request.Query) { if (Regex.IsMatch(item.Value, regStr1, RegexOptions.IgnoreCase)) { context.Response.StatusCode = 401; return; } if (Regex.IsMatch(item.Value, regStr2, RegexOptions.IgnoreCase)) { context.Response.StatusCode = 401; return; } } if (context.Request.Method == "POST" && context.Request.Form != null) { foreach (var item in context.Request.Form) { if (Regex.IsMatch(item.Value, regStr1, RegexOptions.IgnoreCase)) { context.Response.StatusCode = 401; return; } if (Regex.IsMatch(item.Value, regStr2, RegexOptions.IgnoreCase)) { context.Response.StatusCode = 401; return; } } } await next.Invoke(); }} |
配置文件如下:
{ "Logging": { "LogLevel": { "Default": "Information", "Microsoft.AspNetCore": "Warning" } }, "AllowedHosts": "*", "ReverseProxy": { "Routes": { "route1": { "ClusterId": "cluster1", "Match": { "Path": "{**catch-all}" } } }, "Clusters": { "cluster1": { "Destinations": { "destination1": { "Address": "https://www.baidu.com" } } } } } }
【推荐】国内首个AI IDE,深度理解中文开发场景,立即下载体验Trae
【推荐】编程新体验,更懂你的AI,立即体验豆包MarsCode编程助手
【推荐】抖音旗下AI助手豆包,你的智能百科全书,全免费不限次数
【推荐】轻量又高性能的 SSH 工具 IShell:AI 加持,快人一步
· DeepSeek 开源周回顾「GitHub 热点速览」
· 物流快递公司核心技术能力-地址解析分单基础技术分享
· .NET 10首个预览版发布:重大改进与新特性概览!
· AI与.NET技术实操系列(二):开始使用ML.NET
· 单线程的Redis速度为什么快?