72 lines
1.4 KiB
Markdown
72 lines
1.4 KiB
Markdown
|
# HTTP特征中自定义RequsetHeader为Host时,策略无法生效
|
|||
|
|
|
|||
|
|
| ID | Creation Date | Assignee | Status |
|
|||
|
|
|----|----------------|----------|--------|
|
|||
|
|
| OMPUB-914 | 2023-05-10T18:33:06.000+0800 | 刘学利 | 已解决 |
|
|||
|
|
|
|||
|
|
|
|||
|
|
---
|
|||
|
|
|
|||
|
|
测试环境:https://tsg.bj.internal.geedge.net
|
|||
|
|
|
|||
|
|
在HTTP特征中自定义RequestHeader为Host:dsafes.srtfss.xyz,并生效一个关联的HTTP阻断策略,访问网站http://dsafes.srtfss.xyz,无阻断效果
|
|||
|
|
!screenshot-3.png|thumbnail!
|
|||
|
|
!screenshot-1.png|thumbnail!
|
|||
|
|
!screenshot-2.png|thumbnail!
|
|||
|
|
|
|||
|
|
访问网站有对应的会话日志
|
|||
|
|
!screenshot-4.png|thumbnail!
|
|||
|
|
|
|||
|
|
捕包中有Host:dsafes.srtfss.xyz内容
|
|||
|
|
!screenshot-5.png|thumbnail!
|
|||
|
|
|
|||
|
|
**zhangzhihan** commented on *2023-05-11T17:16:13.600+0800*:
|
|||
|
|
|
|||
|
|
测试了 http://dsafes.srtfss.xyz 这个网址所有的RequestHeader的阻断效果,除 【Upgrade-Insecure-Requests】(值为1无法成功创建对象) 以及 【Host】 外,其余均阻断成功
|
|||
|
|
!screenshot-6.png|thumbnail!
|
|||
|
|
|
|||
|
|
|
|||
|
|
|
|||
|
|
---
|
|||
|
|
|
|||
|
|
**liuxueli** commented on *2023-05-12T15:32:35.227+0800*:
|
|||
|
|
|
|||
|
|
* 功能端不支持在Request Header中配置HOST和URL,可以在HOST或URL的Filter中单独添加。
|
|||
|
|
|
|||
|
|
|
|||
|
|
|
|||
|
|
---
|
|||
|
|
|
|||
|
|
|
|||
|
|
|
|||
|
|
## Attachments
|
|||
|
|
|
|||
|
|
**37736/dsafes.srtfss.xyz.pcap**
|
|||
|
|
|
|||
|
|
---
|
|||
|
|
|
|||
|
|
**37731/screenshot-1.png**
|
|||
|
|
|
|||
|
|
---
|
|||
|
|
|
|||
|
|
**37732/screenshot-2.png**
|
|||
|
|
|
|||
|
|
---
|
|||
|
|
|
|||
|
|
**37733/screenshot-3.png**
|
|||
|
|
|
|||
|
|
---
|
|||
|
|
|
|||
|
|
**37734/screenshot-4.png**
|
|||
|
|
|
|||
|
|
---
|
|||
|
|
|
|||
|
|
**37735/screenshot-5.png**
|
|||
|
|
|
|||
|
|
---
|
|||
|
|
|
|||
|
|
**37793/screenshot-6.png**
|
|||
|
|
|
|||
|
|
---
|
|||
|
|
|