Host filter ver. 1.1

This is a Java servlet filter (as per Servlet API 2.3). This filter lets you check Host header in HTTP requests. You can provide a list of allowed values this header, so any request with the wrong value will be prohibited. Filter lets you protect your web applications from DNS rebinding attack.

How to use it:

a) download hostflt.jar and save it in WEB-INF/lib

b) describe this filter in web.xml. Initial parameter hosts provides a commas separated list of allowed values. E.g.:
 


<filter>
  <filter-name>HostFilter</filter-name>
  <filter-class>com.cj.host.HostFilter</filter-class>
  <init-param>
    <param-name>hosts</param-name>
    <param-value>www.myserver.com,myserver.com:80</param-value>
  </init-param>
</filter>

d) describe a mapping for this filter in web.xml
 


<filter-mapping>
  <filter-name>HostFilter</filter-name>
  <url-pattern>*</url-pattern>
</filter-mapping>

in this case filter will be on for the each request

   For downloading:

    Host package:  hostflt.jar
 

 ©  Coldbeans     Comments?

See also JSOS - the largest collection of servlets and filters.