注册
登录
安全配置管理
优化检查url段问题的方法
返回
优化检查url段问题的方法
作者:
糖果
发布时间:
2024-01-17 09:36:44 (3月前)
我一直在 Laravel 中间件中使用一种方法,该方法检查任何 URL 段中的字符串以阻止 IP,如果它与“黑名单”字符串匹配。 一开始,我只有几个字符串要检查,但现在,列表越来越多,当我尝试优化它以使用“黑名单数组”时,我最终在代码和脑海中一团糟. 我相信这是可以做到的,但无法找出优化此中间件的最佳方法。下面是中间件代码示例,并附有我遇到问题的注释。 在handle($request, Closure $next)方法中是$this->inUrl()为所有列入黑名单的字符串调用该方法。 我试图添加一个protected $blacklisted数组,以用于$this->inUrl()但无法使其工作。 预先感谢您提出的任何建议,我们将不胜感激和欢迎。我也在考虑在优化时在 GitHub 上提供代码作为要点。 namespace App\Http\Middleware; /** * Class VerifyBlacklistedRequests * * @package App\Http\Middleware */ class VerifyBlacklistedRequests { /** * The array of blacklisted request string segments * * @access protected * @var array|string[] */ protected array $blacklisted = [ '.env', '.ftpconfig', '.vscode', ',git', '.git/HEAD' // etc... ]; /** * Handle an incoming request. * * @access public * * @param \Illuminate\Http\Request $request * @param \Closure $next * * @return mixed */ public function handle($request, Closure $next) { if($this->inUrl('.env') || $this->inUrl('.ftpconfig') || $this->inUrl('.vscode') || $this->inUrl('.git') || $this->inUrl('.git/HEAD') // many more checks below the above ones ) { // logic that blocks the IP goes here and working fine } return $next($request); } /** * Check if the string is in any URL segment or at the one specified. * * @access protected * * @param string|mixed $value Segment value/content. * @param integer $segment Segment position. * * @return bool */ protected function inUrl(string $value, $segment = -1) { if($segment !== -1 && request()->segment($segment) === $value) { return true; } collect(request()->segments())->each(function ($segment) use ($value) { if($segment === $value) { return true; } }); return false; } }
收藏
举报
2 条回复
1#
回复此人
糖果
|
2021-08-11 17-50
在所有建议都贴在这里之后,我最终得到了一个使用一些建议方法的解决方案。 结果最终将页面的加载时间减少了 1 秒以上。 我的最终实现: 创建了一个配置文件security.php,其中包含列入黑名单的请求字符串和列入白名单的 IP 候选名单。 该security.php配置文件 <?php return [ /* |-------------------------------------------------------------------------- | Whitelisted IPs configuration |-------------------------------------------------------------------------- | | These are the settings for the whitelisted IPs. The array contains | the IPs that should not trigger the IP block. | */ 'whitelisted_ips' => [ // whitelisted IPs array ], /* |-------------------------------------------------------------------------- | Blacklisted request strings configuration |-------------------------------------------------------------------------- | | These are the settings for the blacklisted request strings. The array contains | the strings that should trigger the IP to be blocked. | */ 'blacklisted_requests' => [ '.env', '.ftpconfig', '.vscode', '.git', '.git/HEAD', '_profiler', '__media__', 'administrator', //... ]; ]; 优化中间件去除inUrl()方法上的循环 该VerifyBlacklistedRequests中间件 <?php namespace App\Http\Middleware; use Closure; /** * Class VerifyHackingAttemptsRequests * * @property \Illuminate\Config\Repository|\Illuminate\Contracts\Foundation\Application|mixed white_listed_ips * @property \Illuminate\Config\Repository|\Illuminate\Contracts\Foundation\Application|mixed blacklist * @package App\Http\Middleware */ class VerifyHackingAttemptsRequests { /** * @access protected * @var \Illuminate\Config\Repository|\Illuminate\Contracts\Foundation\Application|mixed */ protected $blacklist; /** * @access protected * @var \Illuminate\Config\Repository|\Illuminate\Contracts\Foundation\Application|mixed */ protected $white_listed_ips; /** * VerifyHackingAttemptsRequests constructor * * @access public */ public function __construct() { $this->blacklist = config('security.blacklisted_requests'); $this->white_listed_ips = config('security.whitelisted_ips'); } /** * Handle an incoming request. * * @access public * * @param \Illuminate\Http\Request $request * @param \Closure $next * * @return mixed * @since 2.8.1 */ public function handle($request, Closure $next) { $exists = false; foreach(request()->segments() as $segment) { if(in_array($segment, $this->blacklist)) { $exists = true; } } if($exists) { $this->blockIp($request) } return $next($request); } /** * Method to save an IP in the Blocked IP database table * * @access protected * * @param \Illuminate\Http\Request $request * * @return \App\Models\BlockedIp */ protected function blockIp(Request $request, $notes = null) { // the logic to persist the data through the BlockedIp model } } 总之,该inUrl()方法被删除,删除了所有循环和方法调用,并且如上所述,页面的加载时间减少了 50% 以上。 感谢所有帮助我解决问题的建议方法。
编辑
登录
后才能参与评论
