yanjinhui
2025-11-14 d7c7208e3720d72dadec01ee997c350096ab6b15
项目代码/后端/后台管理/WIDESEAWCS_Server/WIDESEAWCS_Server/Program.cs
@@ -108,10 +108,10 @@
Encoding.RegisterProvider(CodePagesEncodingProvider.Instance);
//解决服务器在HTTP响应中自动添加了一些不必要的标头
builder.WebHost.ConfigureKestrel(serverOptions =>
{
    serverOptions.AddServerHeader = false;
});
//builder.WebHost.ConfigureKestrel(serverOptions =>
//{
//    serverOptions.AddServerHeader = false;
//});
var app = builder.Build();
@@ -133,24 +133,24 @@
//X-Content-Type-Options”头缺失或不安全
// ä½¿ç”¨ AddDefaultSecurityHeaders æ–¹æ³•添加一组推荐的安全标头
app.UseSecurityHeaders(policies => policies
    .AddFrameOptionsDeny() // æ·»åŠ  X-Frame-Options: DENY
    .AddContentTypeOptionsNoSniff() // è¿™å°±æ˜¯ä½ éœ€è¦çš„ X-Content-Type-Options: nosniff
    .AddXssProtectionBlock() // æ·»åŠ  X-XSS-Protection: 1; mode=block
    .AddStrictTransportSecurityMaxAgeIncludeSubDomains(maxAgeInSeconds: 60 * 60 * 24 * 365) // æ·»åŠ  HSTS å¤´
    // ç§»é™¤æœåŠ¡å™¨ä¿¡æ¯å¤´
    //.AddCustomHeader("X-Powered-By", string.Empty) // æ³¨æ„æ˜¯ AddCustomHeader
    //解决Content-Security-Policy缺失
        .AddContentSecurityPolicy(builder =>
        {
            builder.AddDefaultSrc().Self();
            builder.AddScriptSrc().Self();
            builder.AddStyleSrc().Self();
            builder.AddImgSrc().Self().Data();
            builder.AddFontSrc().Self();
        })
//app.UseSecurityHeaders(policies => policies
//    .AddFrameOptionsDeny() // æ·»åŠ  X-Frame-Options: DENY
//    .AddContentTypeOptionsNoSniff() // è¿™å°±æ˜¯ä½ éœ€è¦çš„ X-Content-Type-Options: nosniff
//    .AddXssProtectionBlock() // æ·»åŠ  X-XSS-Protection: 1; mode=block
//    .AddStrictTransportSecurityMaxAgeIncludeSubDomains(maxAgeInSeconds: 60 * 60 * 24 * 365) // æ·»åŠ  HSTS å¤´
//    // ç§»é™¤æœåŠ¡å™¨ä¿¡æ¯å¤´
//    //.AddCustomHeader("X-Powered-By", string.Empty) // æ³¨æ„æ˜¯ AddCustomHeader
//    //解决Content-Security-Policy缺失
//        .AddContentSecurityPolicy(builder =>
//        {
//            builder.AddDefaultSrc().Self();
//            builder.AddScriptSrc().Self();
//            builder.AddStyleSrc().Self();
//            builder.AddImgSrc().Self().Data();
//            builder.AddFontSrc().Self();
//        })
);
//);
// æ‰‹åŠ¨ç§»é™¤å¤šä½™å“åº”å¤´ï¼ˆæ—§ç‰ˆåŒ…å¿…é¡»ï¼‰
app.Use(async (context, next) =>
{
@@ -160,54 +160,54 @@
    await next();
});
// æ‹¦æˆªæ•æ„Ÿè·¯å¾„,返回 404
app.Use(async (context, next) =>
{
    var path = context.Request.Path.Value ?? string.Empty;
//app.Use(async (context, next) =>
//{
//    var path = context.Request.Path.Value ?? string.Empty;
    var blacklist = new[]
    {
        "/.git", "/.svn", "/.env", "/backup", "/backups", "/config", "/database", "/.idea", "/.vscode", "/node_modules"
    };
//    var blacklist = new[]
//    {
//        "/.git", "/.svn", "/.env", "/backup", "/backups", "/config", "/database", "/.idea", "/.vscode", "/node_modules"
//    };
    if (path.Contains("..") || blacklist.Any(b => path.StartsWith(b, StringComparison.OrdinalIgnoreCase)))
    {
        context.Response.StatusCode = StatusCodes.Status404NotFound;
        await context.Response.WriteAsync("Not Found");
        return;
    }
    await next();
});
//    if (path.Contains("..") || blacklist.Any(b => path.StartsWith(b, StringComparison.OrdinalIgnoreCase)))
//    {
//        context.Response.StatusCode = StatusCodes.Status404NotFound;
//        await context.Response.WriteAsync("Not Found");
//        return;
//    }
//    await next();
//});
//应用程序指标数据暴露
app.Use(async (context, next) =>
{
    var path = context.Request.Path.Value ?? string.Empty;
    // éœ€è¦ä¿æŠ¤çš„端点前缀
    var sensitivePrefixes = new[]
    {
        "/metrics", "/health", "/actuator", "/diagnostics", "/debug", "/metrics/prometheus"
    };
//app.Use(async (context, next) =>
//{
//    var path = context.Request.Path.Value ?? string.Empty;
//    // éœ€è¦ä¿æŠ¤çš„端点前缀
//    var sensitivePrefixes = new[]
//    {
//        "/metrics", "/health", "/actuator", "/diagnostics", "/debug", "/metrics/prometheus"
//    };
    if (sensitivePrefixes.Any(p => path.StartsWith(p, StringComparison.OrdinalIgnoreCase)))
    {
        var secret = app.Configuration["Internal:MetricsKey"]; // åœ¨ appsettings.json æˆ– çŽ¯å¢ƒå˜é‡é‡Œé…ç½®
        if (string.IsNullOrWhiteSpace(secret))
        {
            // æœªé…ç½®å¯†é’¥ï¼šä¸ºäº†å®‰å…¨æ‹’绝访问
            context.Response.StatusCode = StatusCodes.Status403Forbidden;
            await context.Response.WriteAsync("Forbidden");
            return;
        }
//    if (sensitivePrefixes.Any(p => path.StartsWith(p, StringComparison.OrdinalIgnoreCase)))
//    {
//        var secret = app.Configuration["Internal:MetricsKey"]; // åœ¨ appsettings.json æˆ– çŽ¯å¢ƒå˜é‡é‡Œé…ç½®
//        if (string.IsNullOrWhiteSpace(secret))
//        {
//            // æœªé…ç½®å¯†é’¥ï¼šä¸ºäº†å®‰å…¨æ‹’绝访问
//            context.Response.StatusCode = StatusCodes.Status403Forbidden;
//            await context.Response.WriteAsync("Forbidden");
//            return;
//        }
        if (!context.Request.Headers.TryGetValue("X-Internal-Secret", out var provided) || provided != secret)
        {
            context.Response.StatusCode = StatusCodes.Status401Unauthorized;
            await context.Response.WriteAsync("Unauthorized");
            return;
        }
    }
//        if (!context.Request.Headers.TryGetValue("X-Internal-Secret", out var provided) || provided != secret)
//        {
//            context.Response.StatusCode = StatusCodes.Status401Unauthorized;
//            await context.Response.WriteAsync("Unauthorized");
//            return;
//        }
//    }
    await next();
});
//    await next();
//});
app.UseHttpsRedirection();
app.UseIpLimitMiddle();
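Review bot: In the metrics guard near the end of the section, `provided != secret` checks the shared secret with an ordinary string comparison that stops at the first differing character; use `CryptographicOperations.FixedTimeEquals(Encoding.UTF8.GetBytes(provided.ToString()), Encoding.UTF8.GetBytes(secret))` (needs `using System.Security.Cryptography;`) so the check runs in constant time. The path blacklist a few lines earlier matches by raw prefix, so `"/config"` and `"/backup"` also hide legitimate routes such as `/configuration` or `/backupjobs`; match whole segments instead, e.g. `path.Equals(b, StringComparison.OrdinalIgnoreCase) || path.StartsWith(b + "/", StringComparison.OrdinalIgnoreCase)`. Each hardening block (Kestrel server header, security headers, path blacklist, metrics gating) appears twice, once live and once commented out, and this rendering carries no +/- markers, so which copy the commit leaves active cannot be told from the page; if the commented copies are the new side, as old-then-new print order would suggest, the commit switches every one of these controls off in a single change and the description should record why. In either direction the dead commented twin should be deleted rather than kept next to the live code. The lambda opened at the end of the second hunk and the one closed at the start of the third begin or end outside the visible hunks.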