PHP Класс yii\filters\HostControl

This filter provides protection against 'host header' attacks, allowing action execution only for specified host names. Application configuration example: php return [ 'as hostControl' => [ 'class' => 'yii\filters\HostControl', 'allowedHosts' => [ 'example.com', '*.example.com', ], ], ... ]; Controller configuration example: php use yii\web\Controller; use yii\filters\HostControl; class SiteController extends Controller { public function behaviors() { return [ 'hostControl' => [ 'class' => HostControl::className(), 'allowedHosts' => [ 'example.com', '*.example.com', ], ], ]; } ... } > Note: the best way to restrict allowed host names is usage of the web server 'virtual hosts' configuration. This filter should be used only if this configuration is not available or compromised.

С версии: 2.0.11

Автор: Paul Klimov ([email protected])

Наследование: extends yii\base\ActionFilter

Показать файл Открыть проект

Открытые свойства

Свойство	Тип	Описание
$allowedHosts		list of host names, which are allowed. Each host can be specified as a wildcard pattern. For example: php [ 'example.com', '*.example.com', ] This field can be specified as a PHP callback of following signature: php function (\yii\base\Action $action) { return array of strings } where $action is the current [[\yii\base\Action\|action]] object. If this field is not set - no host name check will be performed.
$denyCallback		a callback that will be called if the current host does not match [[allowedHosts]]. If not set, HostControl::denyAccess will be called. The signature of the callback should be as follows: php function (\yii\base\Action $action) where $action is the current [[\yii\base\Action\|action]] object. > Note: while implementing your own host deny processing, make sure you avoid usage of the current requested host name, creation of absolute URL links, caching page parts and so on.

Открытые методы

Метод	Описание
beforeAction ( $action )

Защищенные методы

Метод	Описание
denyAccess ( Action $action )	Denies the access.

Описание методов

beforeAction() публичный Метод

public beforeAction ( $action )

denyAccess() защищенный Метод

The default implementation will display 404 page right away, terminating the program execution. You may override this method, creating your own deny access handler. While doing so, make sure you avoid usage of the current requested host name, creation of absolute URL links, caching page parts and so on.

protected denyAccess ( Action $action )
$action	yii\base\Action	the action to be executed.

Описание свойств

$allowedHosts публичное свойство

list of host names, which are allowed. Each host can be specified as a wildcard pattern. For example: php [ 'example.com', '*.example.com', ] This field can be specified as a PHP callback of following signature: php function (\yii\base\Action $action) { return array of strings } where $action is the current [[\yii\base\Action|action]] object. If this field is not set - no host name check will be performed.

public $allowedHosts

$denyCallback публичное свойство

a callback that will be called if the current host does not match [[allowedHosts]]. If not set, HostControl::denyAccess will be called. The signature of the callback should be as follows: php function (\yii\base\Action $action) where $action is the current [[\yii\base\Action|action]] object. > Note: while implementing your own host deny processing, make sure you avoid usage of the current requested host name, creation of absolute URL links, caching page parts and so on.

public $denyCallback