热门标签
热门文章
- 1User-centric ultra-dense networks for 5G: challenges, methodologies, and directions 论文阅读笔记_5g的uudn
- 2第十七篇【传奇开心果系列】Python的OpenCV库技术点案例示例:自适应阈值二值化处理图像提取文字_opencv自适应二值化
- 3以“拉”代“推”--现代销售新主流_推销和拉销概念
- 4图文解说Flink的应用场景和功能_flink使用场景及案例
- 5Go 开发者调查 2024 年结果(AI相关)
- 6adb命令行操作sqlite数据库_adb sqlite3 insert
- 7lastb 命令查询上次登录失败IP
- 8解决 客户端连接 mysql5.7 Plugin ‘mysql_native_plugin‘ is not loaded错误_mysql plugin native
- 9C# 开发Windows服务程序并在计算机上注册服务_c# 注册服务
- 10前端禁止页面被查看源码、被下载_不想让浏览器下载前端发布包
当前位置: article > 正文
【SpringBoot】限制IP访问频率_springboot ip频率限制
作者:人工智能uu | 2024-07-24 11:05:47
赞
踩
springboot ip频率限制
引言
显示中存在恶意ip频繁请求情况,本文通过自定义注解+拦截器实现限制ip访问的频率
实现
1. 添加pom依赖
<dependency>
<groupId>org.springframework</groupId>
<artifactId>spring-aspects</artifactId>
<version>4.3.10.RELEASE</version>
</dependency>
- 1
- 2
- 3
- 4
- 5
2. 添加自定义注解
@Retention(RetentionPolicy.RUNTIME)
@Target(ElementType.METHOD)
@Documented
@Order(Ordered.HIGHEST_PRECEDENCE)
public @interface RequestLimit {
/**
* 允许访问的最大次数
*/
int count() default Integer.MAX_VALUE;
/**
* 时间段,单位为毫秒,默认值一分钟
*/
long time() default 60000;
}
- 1
- 2
- 3
- 4
- 5
- 6
- 7
- 8
- 9
- 10
- 11
- 12
- 13
- 14
- 15
3. 添加自定义异常
public class RequestLimitException extends NestedRuntimeException {
public RequestLimitException(){
super("HTTP请求超出设定的限制");
}
public RequestLimitException(String msg) {
super(msg);
}
}
- 1
- 2
- 3
- 4
- 5
- 6
- 7
- 8
- 9
- 10
4. 添加自定义拦截器
interceptor
@Slf4j @Aspect @Component public class RequestLimitInterceptor { @Before("within(@org.springframework.web.bind.annotation.RequestMapping * || @javax.ws.rs.Path *) && @annotation(limit)") public void requestLimit(final JoinPoint joinPoint, RequestLimit limit) throws RequestLimitException { try { // 获取 HttpServletRequest Object[] args = joinPoint.getArgs(); HttpServletRequest request = null; for (int i = 0; i < args.length; i++) { if (args[i] instanceof HttpServletRequest) { request = (HttpServletRequest) args[i]; break; } } if (request == null) { throw new RequestLimitException("调用方法中缺少HttpServletRequest参数"); } String ip = HttpUtil.getIpByRequest(request); String url = request.getRequestURL().toString(); String key = "req_limit_".concat(url).concat(ip); IMap<String, Object> cache = CacheData.getInstance().getRequestLimitCache(); String value = (String) cache.get(key); if (null == value) { value = "1_" + System.currentTimeMillis(); cache.put(key, value, limit.time(), TimeUnit.MILLISECONDS); } else { String[] s = value.split("_"); int count = Integer.parseInt(s[0]); if (count > limit.count()) { log.info("用户IP[{}], 访问地址[{}], 超过了限定的次数[{}]", ip, url, limit.count()); throw new RequestLimitException(); } value = (count + 1) + "_" + s[1]; long last = limit.time() - (System.currentTimeMillis() - Long.parseLong(s[1])); if (last > 0) { cache.put(key, value, last, TimeUnit.MILLISECONDS); } } } catch (RequestLimitException e) { throw e; } catch (Exception e) { log.error("发生异常", e); } } }
- 1
- 2
- 3
- 4
- 5
- 6
- 7
- 8
- 9
- 10
- 11
- 12
- 13
- 14
- 15
- 16
- 17
- 18
- 19
- 20
- 21
- 22
- 23
- 24
- 25
- 26
- 27
- 28
- 29
- 30
- 31
- 32
- 33
- 34
- 35
- 36
- 37
- 38
- 39
- 40
- 41
- 42
- 43
- 44
- 45
- 46
- 47
- 48
- 49
- 50
- 51
- 52
- 53
- 54
- 55
- 56
http utils
@Slf4j public class HttpUtil { public static String getIpByRequest(HttpServletRequest request) { String ip = request.getHeader("x-forwarded-for"); if (ip != null && ip.length() != 0 && !"unknown".equalsIgnoreCase(ip)) { // 多次反向代理后会有多个ip值,第一个ip才是真实ip if (ip.contains(",")) { ip = ip.split(",")[0]; } } if (ip == null || ip.length() == 0 || "unknown".equalsIgnoreCase(ip)) { ip = request.getHeader("Proxy-Client-IP"); } if (ip == null || ip.length() == 0 || "unknown".equalsIgnoreCase(ip)) { ip = request.getHeader("WL-Proxy-Client-IP"); } if (ip == null || ip.length() == 0 || "unknown".equalsIgnoreCase(ip)) { ip = request.getHeader("HTTP_CLIENT_IP"); } if (ip == null || ip.length() == 0 || "unknown".equalsIgnoreCase(ip)) { ip = request.getHeader("HTTP_X_FORWARDED_FOR"); } if (ip == null || ip.length() == 0 || "unknown".equalsIgnoreCase(ip)) { ip = request.getHeader("X-Real-IP"); } if (ip == null || ip.length() == 0 || "unknown".equalsIgnoreCase(ip)) { ip = request.getRemoteAddr(); } return ip; } }
- 1
- 2
- 3
- 4
- 5
- 6
- 7
- 8
- 9
- 10
- 11
- 12
- 13
- 14
- 15
- 16
- 17
- 18
- 19
- 20
- 21
- 22
- 23
- 24
- 25
- 26
- 27
- 28
- 29
- 30
- 31
- 32
5. 使用
Jersey方式
@RequestLimit(time = 3000,count = 2)
@GET
@Path("/test")
@Consumes(MediaType.APPLICATION_JSON)
@Produces(MediaType.APPLICATION_JSON)
public Response test(@Context HttpServletRequest request) {
return Response.status(200).entity(new Date()).build();
}
- 1
- 2
- 3
- 4
- 5
- 6
- 7
- 8
Spring MVC 方式
@RequestLimit(time = 3000,count = 2)
@GetMapping(value = "/test")
public RespEntity test(HttpServletRequest request) {
return RespEntity.success(new Date());
}
- 1
- 2
- 3
- 4
- 5
小结
本文优化了拦截方式,可以同时拦截springMVC和Jersey。优化了ip次数检查,利用的hazelcast过期key的方式,当然redis也可以实现。
参考:
https://blog.csdn.net/It_BeeCoder/article/details/94303699
https://bbs.csdn.net/topics/392154383
https://blog.csdn.net/qq_37272886/article/details/88553962
声明:本文内容由网友自发贡献,不代表【wpsshop博客】立场,版权归原作者所有,本站不承担相应法律责任。如您发现有侵权的内容,请联系我们。转载请注明出处:https://www.wpsshop.cn/w/人工智能uu/article/detail/874280
推荐阅读
相关标签
