SpringBoot防止大量請求攻擊

kel 發(fā)布于2021-11-24 09:38 / 1968人閱讀

摘要：我們使用測試同學(xué)的網(wǎng)站時，就會出現(xiàn)網(wǎng)站無法訪問，等錯誤。所以我們需要加上訪問時間限制，防止一個多次訪問請求，導(dǎo)致整個網(wǎng)站崩潰。

我們使用Jmeter測試同學(xué)的網(wǎng)站時，就會出現(xiàn)網(wǎng)站無法訪問，403等錯誤。

An error occurred.Sorry, the page you are looking for is currently unavailable.Please try again later.If you are the system administrator of this resource then you should check the error log for details.Faithfully yours, nginx.

所以我們需要加上IP訪問時間限制，防止一個IP多次訪問請求，導(dǎo)致整個網(wǎng)站崩潰。

自定義注解：

import java.lang.annotation.ElementType;import java.lang.annotation.Retention;import java.lang.annotation.RetentionPolicy;import java.lang.annotation.Target;/** * 自定義注解，用于攔截過于頻繁的請求 */@Retention(RetentionPolicy.RUNTIME)@Target(ElementType.METHOD)public @interface AccessLimit {    int seconds();    int maxCount();    boolean needLogin() default true;}

自定義攔截器：
我采用了拋出自定義異常的方式來解決相同IP多次訪問的問題：
throw new DujiaoshouException(20001,"操作過于頻繁");

import com.qykhhr.dujiaoshouservice.exceptionhandler.DujiaoshouException;import com.qykhhr.dujiaoshouservice.mycomment.AccessLimit;import org.springframework.beans.factory.annotation.Autowired;import org.springframework.data.redis.core.RedisTemplate;import org.springframework.stereotype.Component;import org.springframework.web.method.HandlerMethod;import org.springframework.web.servlet.HandlerInterceptor;import javax.servlet.http.HttpServletRequest;import javax.servlet.http.HttpServletResponse;import java.util.concurrent.TimeUnit;/** * 自定義攔截器 */@Componentpublic class AccessLimtInterceptor implements HandlerInterceptor {    @Autowired    private RedisTemplate redisTemplate;    @Override    public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler) throws Exception {        if (handler instanceof HandlerMethod) {            HandlerMethod hm = (HandlerMethod) handler;            AccessLimit accessLimit = hm.getMethodAnnotation(AccessLimit.class);            if (null == accessLimit) {                return true;            }            int seconds = accessLimit.seconds();            int maxCount = accessLimit.maxCount();            boolean needLogin = accessLimit.needLogin();            if (needLogin) {                //判斷是否登錄            }            String ip=request.getRemoteAddr();            String key = request.getServletPath() + ":" + ip ;            Integer count = (Integer) redisTemplate.opsForValue().get(key);            if (null == count || -1 == count) {                redisTemplate.opsForValue().set(key, 1,seconds, TimeUnit.SECONDS);                return true;            }            if (count < maxCount) {                count = count+1;                redisTemplate.opsForValue().set(key, count,0);                return true;            }            //  response 返回 json 請求過于頻繁請稍后再試            throw new DujiaoshouException(20001,"操作過于頻繁");        }        return true;    }}

在webconfig中配置攔截器

import com.qykhhr.dujiaoshouservice.Interceptor.AccessLimtInterceptor;import org.springframework.beans.factory.annotation.Autowired;import org.springframework.context.annotation.Configuration;import org.springframework.web.servlet.config.annotation.InterceptorRegistry;import org.springframework.web.servlet.config.annotation.ResourceHandlerRegistry;import org.springframework.web.servlet.config.annotation.WebMvcConfigurerAdapter;/** * 在webconfig中配置攔截器 */@Configurationpublic class MyWebMvcConfigurer extends WebMvcConfigurerAdapter {    @Autowired    private AccessLimtInterceptor accessLimtInterceptor;    @Override    public void addInterceptors(InterceptorRegistry registry) {        registry.addInterceptor(accessLimtInterceptor);        super.addInterceptors(registry);    }}

在Controller前面加上注解就可以生效了

@RestControllerpublic class AppHomeController {    @GetMapping("/index")    @AccessLimit(seconds = 1, maxCount = 3) //1秒內(nèi) 允許請求3次    public R getImageList(){        return R.ok().data("appHome","hahaha");    }}