Tag:Blacklist

  • Persistence of Redux data in react native

    Time:2021-10-1

    problem In developmentreact-nativeIn the process, usereduxSaving state migration has basically become a standard practice. Changes in the user’s login status will bringreduxState migration, and other parts of the application also need to know whether the user has logged in and relevant login information. As long as the software does not exit, it can be transferred […]

  • About laravel and nginx current limiting strategies to prevent malicious requests

    Time:2021-8-14

    1、 Problem background Recently, the CPU coverage of the company’s recent online servers is often too high, which affects the response timeout of some applications, resulting in a large number of SMS and email alarms. After checking the database log and access.log, it is found that the API interface is brushed and maliciously and madly […]

  • JSON WEB TOKEN(JWT)

    Time:2021-4-30

    JWTyestokeIt’s a form of. Mainly byHeader (head)、Payload (load)、SignatureThese three parts are composed of strings. These three parts are connected with “.” to form a complete stringJWTThe value is${header}.${payload}.${signature}, for example, the following string connected with “.”eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ1c2VyIjoiMTEiLCJpYXQiOjE2MTQzMjU5NzksImV4cCI6MTYxNDMyNTk4MH0.iMjzC_jN3iwSpIyawy3kNRNlL1mBSEiXtOJqhIZmsl8 header headerAt first it was oneJSONObject, theJSONcontainalgandtypThese two attributes, rightJSONusebase64url(usebase64After transcoding, the encoding algorithm is used to process special […]

  • Analysis of vulnerability caused by Jackson databind

    Time:2021-4-28

    preface Recently, the company has provided a list of high-risk vulnerabilities in the application, includingfastjsonAnd Jackson, because I have known about the deserialization problem caused by polymorphism in fastjson before, so I plan to do a simple analysis. Vulnerability Brief On August 27, 2020, 360cert monitoring found that Jackson databind released the risk notice of […]

  • Open source a small http / HTTPS gateway program minigateway based on go language

    Time:2021-1-26

    Mingateway was originally a small program based on the reverse proxy function of go language. In the process of using it, it gradually enriched some functions and became a small gateway program. I feel that it can basically meet the needs of small websites and apps, and replace nginx to a certain extent. If there […]

  • On the current limiting strategy of laravel and nginx to prevent malicious requests

    Time:2020-7-23

    1、 Background of the problem Recently, the CPU coverage of several recent online servers of the company is too high, which affects the response timeout of some applications, resulting in a large number of SMS and email alarms. After checking the database log and access.log It is found that the API interface has been brushed […]

  • Micro course lesson 15 authority and black and white list

    Time:2020-7-15

    https://v.youku.com/v_show/id… In the last issue, we introduced the management side. In this issue, we will introduce the authority and black and white list. Function introduction Permission is the DML permission control of a table, including whether the permissions such as insert, update, select and delete are allowed. Blacklist is a parser function inherited from Druid. […]

  • IP address fuzzy matching – IP blacklist

    Time:2020-6-17

    Fuzzy matching of IP blacklist The requirements are as follows //IP blacklist list List<String> ips = new ArrayList<>(); ips.add(“10.123.130.5”) ips.add(“10.123.129.*”) For example, if 10.123.130.5 accesses my service, it will be blocked in the blacklistFor example, 10.123.129.10 accesses my service, and I also want to intercept itThe second “*” we can fix it with regularThe idea […]

  • On laravel and nginx current limiting strategies to prevent malicious requests

    Time:2020-5-30

    1、 Problem background Recently, the company’s recent online servers often have too high CPU coverage, which affects the response timeout of some applications, resulting in a large number of SMS and email alarms. After checking the database logs and access.log , it is found that the API interface has been brushed and maliciously requested. The […]

  • Upload labs test notes

    Time:2020-4-22

    Upload labs test notes By: Mirror Wang Yuyang November 2019~ File upload, analysis and learning Environmental requirements To set up your own environment, please follow the following configuration environment to run each pass normally. Configuration item To configure describe operating system Window or Linux Windows is recommended. Pass-19 can run on windows except that it […]

  • Richly Language Example of the firewall-cmd command

    Time:2019-9-21

    1. Enabling new IPv4 and IPv6 connections for protocol “ah”   firewall-cmd –permanent –add-rich-rule ‘rule protocol value=”ah” accept’ 2. Allow new IPv4 and IPv6 connection services FTP and log 1 to use audit per minute   firewall-cmd –permanent –add-rich-rule ‘rule service name=”ftp” log limit value=”1/m” audit accept’ 3. Allow the use of syslog from address 192.168.0.0/24 to […]

  • PHP Array Blacklist/White List Example Code Details

    Time:2019-9-5

    In php, data is often queried through join, which is the case: $data = [ {id=>1,name=>a,age=>a}, {id=>1,name=>b,age=>b}, {id=>2,name=>c,age=>c}, {id=>3,name=>f,age=>f}, {id=>2,name=>d,age=>d}, ]; This format of data is actually very common, in fact, we want the data effect is: $data = [ [id=>1,user_info=>[[name=>a,age=>a],[name=>b,age=>b]]], [id=>2,user_info=>[[name=>c,age=>c],[name=>d,age=>d]]], [id=>3,user_info=>[[name=>f,age=>f]]], ]; So we need all kinds of foreach to deal with the […]