PHP 클래스 yii\filters\HostControl

This filter provides protection against 'host header' attacks, allowing action execution only for specified host names. Application configuration example: php return [ 'as hostControl' => [ 'class' => 'yii\filters\HostControl', 'allowedHosts' => [ 'example.com', '*.example.com', ], ], ... ]; Controller configuration example: php use yii\web\Controller; use yii\filters\HostControl; class SiteController extends Controller { public function behaviors() { return [ 'hostControl' => [ 'class' => HostControl::className(), 'allowedHosts' => [ 'example.com', '*.example.com', ], ], ]; } ... } > Note: the best way to restrict allowed host names is usage of the web server 'virtual hosts' configuration. This filter should be used only if this configuration is not available or compromised.
부터: 2.0.11
저자: Paul Klimov ([email protected])
상속: extends yii\base\ActionFilter
파일 보기 프로젝트 열기: yiisoft/yii2

공개 프로퍼티들

프로퍼티 타입 설명
$allowedHosts list of host names, which are allowed. Each host can be specified as a wildcard pattern. For example: php [ 'example.com', '*.example.com', ] This field can be specified as a PHP callback of following signature: php function (\yii\base\Action $action) { return array of strings } where $action is the current [[\yii\base\Action|action]] object. If this field is not set - no host name check will be performed.
$denyCallback a callback that will be called if the current host does not match [[allowedHosts]]. If not set, HostControl::denyAccess will be called. The signature of the callback should be as follows: php function (\yii\base\Action $action) where $action is the current [[\yii\base\Action|action]] object. > Note: while implementing your own host deny processing, make sure you avoid usage of the current requested host name, creation of absolute URL links, caching page parts and so on.

공개 메소드들

메소드 설명
beforeAction ( $action )

보호된 메소드들

메소드 설명
denyAccess ( Action $action ) Denies the access.

메소드 상세

beforeAction() 공개 메소드

public beforeAction ( $action )

denyAccess() 보호된 메소드

The default implementation will display 404 page right away, terminating the program execution. You may override this method, creating your own deny access handler. While doing so, make sure you avoid usage of the current requested host name, creation of absolute URL links, caching page parts and so on.
protected denyAccess ( Action $action )
$action yii\base\Action the action to be executed.

프로퍼티 상세

$allowedHosts 공개적으로 프로퍼티

list of host names, which are allowed. Each host can be specified as a wildcard pattern. For example: php [ 'example.com', '*.example.com', ] This field can be specified as a PHP callback of following signature: php function (\yii\base\Action $action) { return array of strings } where $action is the current [[\yii\base\Action|action]] object. If this field is not set - no host name check will be performed.
public $allowedHosts

$denyCallback 공개적으로 프로퍼티

a callback that will be called if the current host does not match [[allowedHosts]]. If not set, HostControl::denyAccess will be called. The signature of the callback should be as follows: php function (\yii\base\Action $action) where $action is the current [[\yii\base\Action|action]] object. > Note: while implementing your own host deny processing, make sure you avoid usage of the current requested host name, creation of absolute URL links, caching page parts and so on.
public $denyCallback