• 홈
• yii
• filters
• HostControl

PHP 클래스 yii\filters\HostControl

This filter provides protection against 'host header' attacks, allowing action execution only for specified host names. Application configuration example: php return [ 'as hostControl' => [ 'class' => 'yii\filters\HostControl', 'allowedHosts' => [ 'example.com', '*.example.com', ], ], ... ]; Controller configuration example: php use yii\web\Controller; use yii\filters\HostControl; class SiteController extends Controller { public function behaviors() { return [ 'hostControl' => [ 'class' => HostControl::className(), 'allowedHosts' => [ 'example.com', '*.example.com', ], ], ]; } ... } > Note: the best way to restrict allowed host names is usage of the web server 'virtual hosts' configuration. This filter should be used only if this configuration is not available or compromised. 파일 보기 프로젝트 열기: yiisoft/yii2

공개 프로퍼티들

프로퍼티	타입	설명
$allowedHosts		list of host names, which are allowed. Each host can be specified as a wildcard pattern. For example: php [ 'example.com', '*.example.com', ] This field can be specified as a PHP callback of following signature: php function (\yii\base\Action $action) { return array of strings } where $action is the current [[\yii\base\Action|action]] object. If this field is not set - no host name check will be performed.
$denyCallback		a callback that will be called if the current host does not match [[allowedHosts]]. If not set, HostControl::denyAccess will be called. The signature of the callback should be as follows: php function (\yii\base\Action $action) where $action is the current [[\yii\base\Action|action]] object. > Note: while implementing your own host deny processing, make sure you avoid usage of the current requested host name, creation of absolute URL links, caching page parts and so on.

공개 메소드들

메소드	설명
beforeAction ( $action )

보호된 메소드들

메소드	설명
denyAccess ( Action $action )	Denies the access.

메소드 상세

프로퍼티 상세