spamfilter.java

真正的、彻底的、完全面向对象软件系统。有兴趣的加我好友

/*
 * Copyright 2007 the original author or jdon.com
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *     http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 *
 */
package com.jdon.jivejdon.presentation.filter;

import java.io.IOException;
import java.util.regex.Pattern;

import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletContext;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;

import org.apache.log4j.Logger;

import com.jdon.controller.WebAppUtil;
import com.jdon.jivejdon.manager.throttle.ThrottleManagerIF;

/**
 * if referrerUrl inlucde  
 * if referrerUrl is empty, it is a spam
 * if referrerUrl is not starting with "http://" ,  it is spam
 *  
 * web.xml
 * <filter>
 <filter-name>SpamFilter</filter-name>
 <filter-class>com.jdon.jivejdon.presentation.filter.SpamFilter</filter-class>
 <init-param>
 <param-name>referrer.robotCheck.userAgentPattern</param-name>
 <param-value>.*(slurp|google).*</param-value>
 </init-param>
 <init-param>
 <param-name>referrer.domain.name</param-name>
 <param-value>http://www.jdon.com</param-value>
 </init-param>
 </filter>
 
 <filter-mapping>
 <filter-name>SpamFilter</filter-name>
 <url-pattern>*.html</url-pattern>
 </filter-mapping>
 <filter-mapping>
 <filter-name>SpamFilter</filter-name>
 <url-pattern>*.shtml</url-pattern>
 </filter-mapping>
 *
 */
public class SpamFilter implements Filter {
	private final static Logger log = Logger.getLogger(SpamFilter.class);

	private Pattern robotPattern;

	private String thisHostDomainname;

	private String referrertestname;

	private ServletContext servletContext;

	public void init(FilterConfig config) throws ServletException {
		// check for possible robot pattern
		String robotPatternStr = config.getInitParameter("referrer.robotCheck.userAgentPattern");
		if (robotPatternStr != null && robotPatternStr.length() > 0) {
			// Parse the pattern, and store the compiled form.
			try {
				robotPattern = Pattern.compile(robotPatternStr);
			} catch (Exception e) {
				// Most likely a PatternSyntaxException; log and continue as if it is not set.
				log.error("Error parsing referrer.robotCheck.userAgentPattern value '" + robotPatternStr + "'.  Robots will not be filtered. ", e);
			}
		}

		thisHostDomainname = config.getInitParameter("referrer.domain.name");
		if (thisHostDomainname == null)
			thisHostDomainname = "http://www.jdon.com";

		referrertestname = config.getInitParameter("referrer.test.name");
		if (referrertestname == null)
			thisHostDomainname = "http://localhost";

		servletContext = config.getServletContext();
	}

	public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws IOException, ServletException {
		HttpServletRequest httpRequest = (HttpServletRequest) request;
		if (isSpam(httpRequest)) {
			log.debug("spammer, giving 'em a 403");
			delSpamFromSessionOnlines(httpRequest);
			if (!response.isCommitted())
				response.reset();
			HttpServletResponse httpResponse = (HttpServletResponse) response;
			httpResponse.sendError(HttpServletResponse.SC_FORBIDDEN);
			return;
		} else {
			chain.doFilter(request, response);
		}
	}

	private void delSpamFromSessionOnlines(HttpServletRequest httpRequest) {
		HttpSession session = httpRequest.getSession();
		session.invalidate();
	}

	/**
	 * Process the incoming request to extract referrer info and pass it on
	 * to the referrer processing queue for tracking.
	 *
	 * @returns true if referrer was spam, false otherwise
	 */
	private boolean isSpam(HttpServletRequest request) {
		String referrerUrl = request.getHeader("Referer");
		if (referrerUrl != null) {
			if (referrerUrl.indexOf(thisHostDomainname) != -1) {
				return false;
			} else if ((referrerUrl.indexOf(referrertestname) != -1)) {
				return false;
			} else if ((referrerUrl.indexOf("localhost") != -1)) {
				return false;
			}
		}
		String clinetIp = request.getRemoteAddr();
		if (clinetIp !=null){
			if (clinetIp.indexOf("127.0.0.1") != -1)
				return false; //if locahost debug, skip;
			else if (clinetIp.indexOf(referrertestname) != -1)
				return false;
		}

		//		 if refer is null, 1. browser 2. google 3. otherspam

		if (robotPattern != null) {
			String userAgent = request.getHeader("User-Agent");
			if (userAgent != null && userAgent.length() > 0 && robotPattern.matcher(userAgent).matches()) {
				return false;
			}
		}

		//		 if refer is not null, from other url , it also must obey below rules:
		//if it is from browser directly, cann't visit above 5 threads html in 60 seconds.
		ThrottleManagerIF throttleManager = (ThrottleManagerIF) WebAppUtil.getService("throttleManager", request);
		if (!throttleManager.isValidate(request.getRemoteAddr())) {
			log.error("it is spame : processing referrer for " + request.getRequestURI() + " referrerUrl=" + referrerUrl + " ip=" + request.getRemoteAddr());
			return true;
		}
		return false;
	}

	/**
	 * Unused.
	 */
	public void destroy() {
	}
}