Deadbolt Built-In Handlers

Handler | Description
SQL Injection Handler | This handler will evaluate all parameters in a request and check for various SQL keywords. If any are found, the handler will reject the request to protect against SQL injection attacks.
IP Address Filter Handler | This handler will allow you to include a list of IP addresses or remote host names and exclude all others. Alternatively, you can provide a list of excluded IP addresses and host names and allow all others. This could be useful for restricting certain resources such as administration pages to the localhost.

SQL Injection Handler

This handler will evaluate all parameters in a request and check for various SQL keywords. If any are found, the handler will reject the request to protect against SQL injection attacks. Various initial parameters exist to give you more options.

To use this handler, add the handler declaration to the "handlers" section of the deadbolt-config.xml file and use it like any other handler:

				
<handler>
	<handler-name>SQLInjectionHandler</handler-name>
	<handler-class>net.sf.deadbolt.handlers.SQLInjectionHandler</handler-class>
</handler>

			

The following initial parameters exist to give this handler more flexibility:

Parameter name | Values and Descriptions
LEVEL | WEAK or STRONG. Specifying WEAK will tell this handler to be less strict when checking parameters. This will only check for the following character strings: ', ;, and --. Specifying STRONG will check for a much larger set of strings. Specifying this parameter is useful when you have large textarea fields where the user will likely use some of the keywords.
EXCLUDED-FIELDS | In this parameter, you can specify a comma separated list of parameter names that will be excluded from the injection validation. Although this opens you up to a possible attack, you may find it necessary to not check certain fields. For example, you might want to exclude a "last name" field, because names such as "O'Brian" have an apostrophe.
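
The WEAK-level check and the effect of EXCLUDED-FIELDS described above, modeled as an added example (this is not Deadbolt's own code). The class and method names are hypothetical, and substring matching and exact-match field names are assumptions about how the check behaves.

```java
import java.util.*;

// Added illustration: a model of the WEAK-level check, not Deadbolt's source.
public class WeakLevelCheckDemo {
    // The three character strings the page lists for LEVEL=WEAK.
    static final List<String> WEAK_TOKENS = List.of("'", ";", "--");

    // Parses a comma separated EXCLUDED-FIELDS value into a set of parameter names.
    static Set<String> parseExcluded(String csv) {
        Set<String> names = new HashSet<>();
        if (csv == null) return names;
        for (String n : csv.split(",")) {
            if (!n.trim().isEmpty()) names.add(n.trim());
        }
        return names;
    }

    // Returns the names of parameters whose values contain a WEAK token,
    // skipping excluded fields. A non-empty result means "reject the request".
    static List<String> offendingParams(Map<String, String[]> params, Set<String> excluded) {
        List<String> hits = new ArrayList<>();
        for (Map.Entry<String, String[]> e : params.entrySet()) {
            if (excluded.contains(e.getKey())) continue; // assumption: exact name match
            for (String value : e.getValue()) {
                if (value != null && WEAK_TOKENS.stream().anyMatch(value::contains)) {
                    hits.add(e.getKey());
                    break; // one hit per parameter is enough to reject
                }
            }
        }
        return hits;
    }

    public static void main(String[] args) {
        // Constructed sample parameters, same shape as ServletRequest.getParameterMap().
        Map<String, String[]> params = new LinkedHashMap<>();
        params.put("firstName", new String[] {"Sean"});
        params.put("lastName", new String[] {"O'Brian"});
        params.put("comment", new String[] {"fine; thanks"});

        // No exclusions: every parameter is checked against the WEAK tokens.
        System.out.println(offendingParams(params, parseExcluded("")));
        // lastName excluded: that field is no longer checked at all.
        System.out.println(offendingParams(params, parseExcluded("lastName")));
    }
}
```

Any field listed in EXCLUDED-FIELDS reaches the application unchecked, so queries that use it should bind the value as a parameter (for example with `java.sql.PreparedStatement`) rather than concatenating it into SQL.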

IP Address Filter Handler

This handler will allow you to include a list of IP addresses or remote host names and exclude all others. Alternatively, you can provide a list of excluded IP addresses and host names and allow all others. This could be useful for restricting certain resources such as administration pages to the localhost.

To use this handler, add the handler declaration to the "handlers" section of the deadbolt-config.xml file and use it like any other handler:

				
<handler>
	<handler-name>IPFilterHandler</handler-name>
	<handler-class>net.sf.deadbolt.handlers.IPFilterHandler</handler-class>
</handler>

			

The following initial parameters exist for this handler. Note that you should only use one of these parameters. Using both will cause the handler to default to the EXCLUDED-LIST parameter.

Parameter name | Values and Descriptions
INCLUDED-LIST | This is a comma separated list of IP addresses and/or remote host names to allow into the resource. The handler will reject requests from any other IP addresses.
EXCLUDED-LIST | This is also a comma separated list of IP addresses and/or remote host names to reject. Any request from an IP address or host name not in this list will be allowed to access the resource.

The following error keys are required to use this handler. You specify these in the deadbolt-config.xml file under the error-messages element.

				
<error-message>
	<message-key>ip.filter.handler.restricted</message-key>
	<message-content>
		You choose the message to display to the users.
	</message-content>
</error-message>