使用 .htaccess 拒绝具有双标头的请求
我想拒绝包含具有不同值的双标头的请求,因此可能会导致问题。但我不确定如何通过 .htaccess 检查标头是否多次出现。
例如,如果名为“x-test-header”且具有不同值的标头出现两次,则返回 400。如果“x-test-header”标头包含相同的值,则可以通过。 “x-test-header”还应该允许包含逗号分隔的值,例如“abc,xyz”。所以像“xyz,abc”这样的东西也应该是有效的。
我真的想不出一种方法来检查标题是否多次出现以及如何检查这些值。另外,我不确定如何访问逗号分隔的值并干净地处理它们。这可能吗?
使用 Apache 2.4.52
编辑:
应该有效的示例列表:
1。
x-test-header: abc, xyz
x-test-header: xyz, abc
x-test-header: abc
x-test-header: abc
应拒绝的示例列表:
3.
x-test-header: abc, xyz
x-test-header: abcd, xyz
x-test-header: abc
x-test-header: xyz
I want to reject requests that contain double headers with different values and therefore could lead to problems. But im unsure on how to check via .htaccess if a header is present more than once.
For example if a header named "x-test-header" with different values is present two times then return a 400. If the "x-test-header" headers contains the same value then it can be passed through. The "x-test-header" should also be allowed to contain comma separted values like "abc, xyz". So something like "xyz, abc" should be valid aswell.
I can't really think of a way to check if a heading occurs multiple times and how to check the values of those. Also, I'm not sure how to access comma separated values and process them cleanly. Is that even possible?
Using Apache 2.4.52
Edit:
List of examples that should be valid:
1.
x-test-header: abc, xyz
x-test-header: xyz, abc
x-test-header: abc
x-test-header: abc
List of examples that should be rejected:
3.
x-test-header: abc, xyz
x-test-header: abcd, xyz
x-test-header: abc
x-test-header: xyz
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论